ID: REDHAT-RHSA-2011-1408.NASL
Type: nessus
Reporter: This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2021-01-14T00:00:00
Description
An updated rhev-hypervisor package that fixes several security issues is now available.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.
The RHBA-2011:1254 update introduced a regression in the Linux kernel's Ethernet bridge implementation. If a system had an interface in a bridge, and an attacker on the local network could send packets to that interface, they could cause a denial of service on that system. (CVE-2011-2942)
A flaw in the Linux kernel could lead to GRO (Generic Receive Offload) fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723)
The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were generated could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188)
Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. (CVE-2011-3347)
Red Hat would like to thank Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188; and Somnath Kotur for reporting CVE-2011-3347.
This updated package provides updated components that include fixes for numerous security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however.
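The security fixes included in this update address the following CVE numbers:
CVE-2011-2695, CVE-2011-2699, CVE-2011-3191, CVE-2011-1833, CVE-2011-2496, CVE-2011-3209, CVE-2011-2484, CVE-2011-3131, CVE-2009-4067, CVE-2011-1160, and CVE-2011-1585 (kernel issues)
CVE-2011-3378 (rpm issues)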
Users of Red Hat Enterprise Virtualization Hypervisor should upgrade to this updated package, which resolves these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2011:1408. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  script_id(79280);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2011-2723", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-3347");
  script_bugtraq_id(48929, 49289, 50312, 50313);
  script_xref(name:"RHSA", value:"2011:1408");

  script_name(english:"RHEL 5 : rhev-hypervisor (RHSA-2011:1408)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated rhev-hypervisor package that fixes several security issues
is now available.
The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The rhev-hypervisor package provides a Red Hat Enterprise
Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
(KVM) hypervisor. It includes everything necessary to run and manage
virtual machines: A subset of the Red Hat Enterprise Linux operating
environment and the Red Hat Enterprise Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available
for the Intel 64 and AMD64 architectures with virtualization
extensions.
The RHBA-2011:1254 update introduced a regression in the Linux
kernel's Ethernet bridge implementation. If a system had an interface
in a bridge, and an attacker on the local network could send packets
to that interface, they could cause a denial of service on that
system. (CVE-2011-2942)
A flaw in the Linux kernel could lead to GRO (Generic Receive Offload)
fields being left in an inconsistent state. An attacker on the local
network could use this flaw to trigger a denial of service. GRO is
enabled by default in all network drivers that support it.
(CVE-2011-2723)
The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were
generated could allow a man-in-the-middle attacker to inject packets
and possibly hijack connections. Protocol sequence numbers and
fragment IDs are now more random. (CVE-2011-3188)
Non-member VLAN (virtual LAN) packet handling for interfaces in
promiscuous mode and also using the be2net driver could allow an
attacker on the local network to cause a denial of service.
(CVE-2011-3347)
Red Hat would like to thank Brent Meshier for reporting CVE-2011-2723;
Dan Kaminsky for reporting CVE-2011-3188; and Somnath Kotur for
reporting CVE-2011-3347.
This updated package provides updated components that include fixes
for numerous security issues. These issues have no security impact on
Red Hat Enterprise Virtualization Hypervisor itself, however.
The security fixes included in this update address the following CVE
numbers :
CVE-2011-2695, CVE-2011-2699, CVE-2011-3191, CVE-2011-1833,
CVE-2011-2496, CVE-2011-3209, CVE-2011-2484, CVE-2011-3131,
CVE-2009-4067, CVE-2011-1160, and CVE-2011-1585 (kernel issues)
CVE-2011-3378 (rpm issues)
Users of Red Hat Enterprise Virtualization Hypervisor should upgrade
to this updated package, which resolves these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-2723"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-2942"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-3188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-3347"
  );
  # https://rhn.redhat.com/errata/RHBA-2011-1254.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHBA-2011:1254"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2011:1408"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected rhev-hypervisor package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/09/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/10/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2011:1408";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", reference:"rhev-hypervisor-5.7-20111018.1.el5_7")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor");
  }
}
respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68375);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/24\");\n\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\");\n script_bugtraq_id(46866, 47321, 47381, 48383, 48687, 48697, 48802, 48929, 49108, 49146, 49289, 49295, 50311, 50312, 50313);\n script_xref(name:\"RHSA\", value:\"2011:1386\");\n\n script_name(english:\"Oracle Linux 5 : kernel (ELSA-2011-1386)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1386 :\n\nUpdated kernel packages that fix multiple security issues, several\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* The maximum file offset handling for ext4 file systems could allow a\nlocal, unprivileged user to cause a denial of service. (CVE-2011-2695,\nImportant)\n\n* IPv6 fragment identification value generation could allow a remote\nattacker to disrupt a target system's networking, preventing\nlegitimate users from accessing its services. 
(CVE-2011-2699,\nImportant)\n\n* A malicious CIFS (Common Internet File System) server could send a\nspecially crafted response to a directory read request that would\nresult in a denial of service or privilege escalation on a system that\nhas a CIFS share mounted. (CVE-2011-3191, Important)\n\n* A local attacker could use mount.ecryptfs_private to mount (and then\naccess) a directory they would otherwise not have access to. Note: To\ncorrect this issue, the RHSA-2011:1241 ecryptfs-utils update must also\nbe installed. (CVE-2011-1833, Moderate)\n\n* A flaw in the taskstats subsystem could allow a local, unprivileged\nuser to cause excessive CPU time and memory use. (CVE-2011-2484,\nModerate)\n\n* Mapping expansion handling could allow a local, unprivileged user to\ncause a denial of service. (CVE-2011-2496, Moderate)\n\n* GRO (Generic Receive Offload) fields could be left in an\ninconsistent state. An attacker on the local network could use this\nflaw to cause a denial of service. GRO is enabled by default in all\nnetwork drivers that support it. (CVE-2011-2723, Moderate)\n\n* RHSA-2011:1065 introduced a regression in the Ethernet bridge\nimplementation. If a system had an interface in a bridge, and an\nattacker on the local network could send packets to that interface,\nthey could cause a denial of service on that system. Xen hypervisor\nand KVM (Kernel-based Virtual Machine) hosts often deploy bridge\ninterfaces. (CVE-2011-2942, Moderate)\n\n* A flaw in the Xen hypervisor IOMMU error handling implementation\ncould allow a privileged guest user, within a guest operating system\nthat has direct control of a PCI device, to cause performance\ndegradation on the host and possibly cause it to hang. (CVE-2011-3131,\nModerate)\n\n* IPv4 and IPv6 protocol sequence number and fragment ID generation\ncould allow a man-in-the-middle attacker to inject packets and\npossibly hijack connections. Protocol sequence number and fragment IDs\nare now more random. 
(CVE-2011-3188, Moderate)\n\n* A flaw in the kernel's clock implementation could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-3209,\nModerate)\n\n* Non-member VLAN (virtual LAN) packet handling for interfaces in\npromiscuous mode and also using the be2net driver could allow an\nattacker on the local network to cause a denial of service.\n(CVE-2011-3347, Moderate)\n\n* A flaw in the auerswald USB driver could allow a local, unprivileged\nuser to cause a denial of service or escalate their privileges by\ninserting a specially crafted USB device. (CVE-2009-4067, Low)\n\n* A flaw in the Trusted Platform Module (TPM) implementation could\nallow a local, unprivileged user to leak information to user space.\n(CVE-2011-1160, Low)\n\n* A local, unprivileged user could possibly mount a CIFS share that\nrequires authentication without knowing the correct password if the\nmount was already mounted by another local user. (CVE-2011-1585, Low)\n\nRed Hat would like to thank Fernando Gont for reporting CVE-2011-2699;\nDarren Lavender for reporting CVE-2011-3191; the Ubuntu Security Team\nfor reporting CVE-2011-1833; Vasiliy Kulikov of Openwall for reporting\nCVE-2011-2484; Robert Swiecki for reporting CVE-2011-2496; Brent\nMeshier for reporting CVE-2011-2723; Dan Kaminsky for reporting\nCVE-2011-3188; Yasuaki Ishimatsu for reporting CVE-2011-3209; Somnath\nKotur for reporting CVE-2011-3347; Rafael Dominguez Vega for reporting\nCVE-2009-4067; and Peter Huewe for reporting CVE-2011-1160. 
The Ubuntu\nSecurity Team acknowledges Vasiliy Kulikov of Openwall and Dan\nRosenberg as the original reporters of CVE-2011-1833.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002423.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n cve_list = make_list(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2011-1386\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-2.6.18-274.7.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-274.7.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-PAE-devel-2.6.18\") && rpm_check(release:\"EL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-274.7.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-2.6.18-274.7.1.0.1.el5\")) 
flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-debug-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-debug-devel-2.6.18-274.7.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-devel-2.6.18-274.7.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-doc-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-doc-2.6.18-274.7.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-headers-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-headers-2.6.18-274.7.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-2.6.18-274.7.1.0.1.el5\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-xen-devel-2.6.18\") && rpm_check(release:\"EL5\", reference:\"kernel-xen-devel-2.6.18-274.7.1.0.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:42", "description": "Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)\n\n* IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. (CVE-2011-2699, Important)\n\n* A malicious CIFS (Common Internet File System) server could send a specially crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important)\n\n* A local attacker could use mount.ecryptfs_private to mount (and then access) a directory they would otherwise not have access to. Note: To correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also be installed. (CVE-2011-1833, Moderate)\n\n* A flaw in the taskstats subsystem could allow a local, unprivileged user to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)\n\n* Mapping expansion handling could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2496, Moderate)\n\n* GRO (Generic Receive Offload) fields could be left in an inconsistent state. An attacker on the local network could use this flaw to cause a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)\n\n* RHSA-2011:1065 introduced a regression in the Ethernet bridge implementation. If a system had an interface in a bridge, and an attacker on the local network could send packets to that interface, they could cause a denial of service on that system. 
Xen hypervisor and KVM (Kernel-based Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942, Moderate)\n\n* A flaw in the Xen hypervisor IOMMU error handling implementation could allow a privileged guest user, within a guest operating system that has direct control of a PCI device, to cause performance degradation on the host and possibly cause it to hang. (CVE-2011-3131, Moderate)\n\n* IPv4 and IPv6 protocol sequence number and fragment ID generation could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence number and fragment IDs are now more random. (CVE-2011-3188, Moderate)\n\n* A flaw in the kernel's clock implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-3209, Moderate)\n\n* Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service.\n(CVE-2011-3347, Moderate)\n\n* A flaw in the auerswald USB driver could allow a local, unprivileged user to cause a denial of service or escalate their privileges by inserting a specially crafted USB device. (CVE-2009-4067, Low)\n\n* A flaw in the Trusted Platform Module (TPM) implementation could allow a local, unprivileged user to leak information to user space.\n(CVE-2011-1160, Low)\n\n* A local, unprivileged user could possibly mount a CIFS share that requires authentication without knowing the correct password if the mount was already mounted by another local user. 
(CVE-2011-1585, Low)\n\nRed Hat would like to thank Fernando Gont for reporting CVE-2011-2699;\nDarren Lavender for reporting CVE-2011-3191; the Ubuntu Security Team for reporting CVE-2011-1833; Vasiliy Kulikov of Openwall for reporting CVE-2011-2484; Robert Swiecki for reporting CVE-2011-2496; Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188; Yasuaki Ishimatsu for reporting CVE-2011-3209; Somnath Kotur for reporting CVE-2011-3347; Rafael Dominguez Vega for reporting CVE-2009-4067; and Peter Huewe for reporting CVE-2011-1160. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of CVE-2011-1833.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-21T00:00:00", "type": "nessus", "title": "CentOS 5 : kernel (CESA-2011:1386)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4067", "CVE-2011-1160", "CVE-2011-1585", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2723", "CVE-2011-2942", "CVE-2011-3131", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3209", "CVE-2011-3347"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-PAE", "p-cpe:/a:centos:centos:kernel-PAE-devel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-xen", "p-cpe:/a:centos:centos:kernel-xen-devel", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1386.NASL", "href": "https://www.tenable.com/plugins/nessus/56569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1386 and \n# CentOS Errata and Security Advisory 2011:1386 
respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56569);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\");\n script_bugtraq_id(46866, 47321, 47381, 48383, 48687, 48697, 48802, 48929, 49108, 49146, 49289, 49295, 50312, 50313);\n script_xref(name:\"RHSA\", value:\"2011:1386\");\n\n script_name(english:\"CentOS 5 : kernel (CESA-2011:1386)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, several\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* The maximum file offset handling for ext4 file systems could allow a\nlocal, unprivileged user to cause a denial of service. (CVE-2011-2695,\nImportant)\n\n* IPv6 fragment identification value generation could allow a remote\nattacker to disrupt a target system's networking, preventing\nlegitimate users from accessing its services. 
(CVE-2011-2699,\nImportant)\n\n* A malicious CIFS (Common Internet File System) server could send a\nspecially crafted response to a directory read request that would\nresult in a denial of service or privilege escalation on a system that\nhas a CIFS share mounted. (CVE-2011-3191, Important)\n\n* A local attacker could use mount.ecryptfs_private to mount (and then\naccess) a directory they would otherwise not have access to. Note: To\ncorrect this issue, the RHSA-2011:1241 ecryptfs-utils update must also\nbe installed. (CVE-2011-1833, Moderate)\n\n* A flaw in the taskstats subsystem could allow a local, unprivileged\nuser to cause excessive CPU time and memory use. (CVE-2011-2484,\nModerate)\n\n* Mapping expansion handling could allow a local, unprivileged user to\ncause a denial of service. (CVE-2011-2496, Moderate)\n\n* GRO (Generic Receive Offload) fields could be left in an\ninconsistent state. An attacker on the local network could use this\nflaw to cause a denial of service. GRO is enabled by default in all\nnetwork drivers that support it. (CVE-2011-2723, Moderate)\n\n* RHSA-2011:1065 introduced a regression in the Ethernet bridge\nimplementation. If a system had an interface in a bridge, and an\nattacker on the local network could send packets to that interface,\nthey could cause a denial of service on that system. Xen hypervisor\nand KVM (Kernel-based Virtual Machine) hosts often deploy bridge\ninterfaces. (CVE-2011-2942, Moderate)\n\n* A flaw in the Xen hypervisor IOMMU error handling implementation\ncould allow a privileged guest user, within a guest operating system\nthat has direct control of a PCI device, to cause performance\ndegradation on the host and possibly cause it to hang. (CVE-2011-3131,\nModerate)\n\n* IPv4 and IPv6 protocol sequence number and fragment ID generation\ncould allow a man-in-the-middle attacker to inject packets and\npossibly hijack connections. Protocol sequence number and fragment IDs\nare now more random. 
(CVE-2011-3188, Moderate)\n\n* A flaw in the kernel's clock implementation could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-3209,\nModerate)\n\n* Non-member VLAN (virtual LAN) packet handling for interfaces in\npromiscuous mode and also using the be2net driver could allow an\nattacker on the local network to cause a denial of service.\n(CVE-2011-3347, Moderate)\n\n* A flaw in the auerswald USB driver could allow a local, unprivileged\nuser to cause a denial of service or escalate their privileges by\ninserting a specially crafted USB device. (CVE-2009-4067, Low)\n\n* A flaw in the Trusted Platform Module (TPM) implementation could\nallow a local, unprivileged user to leak information to user space.\n(CVE-2011-1160, Low)\n\n* A local, unprivileged user could possibly mount a CIFS share that\nrequires authentication without knowing the correct password if the\nmount was already mounted by another local user. (CVE-2011-1585, Low)\n\nRed Hat would like to thank Fernando Gont for reporting CVE-2011-2699;\nDarren Lavender for reporting CVE-2011-3191; the Ubuntu Security Team\nfor reporting CVE-2011-1833; Vasiliy Kulikov of Openwall for reporting\nCVE-2011-2484; Robert Swiecki for reporting CVE-2011-2496; Brent\nMeshier for reporting CVE-2011-2723; Dan Kaminsky for reporting\nCVE-2011-3188; Yasuaki Ishimatsu for reporting CVE-2011-3209; Somnath\nKotur for reporting CVE-2011-3347; Rafael Dominguez Vega for reporting\nCVE-2009-4067; and Peter Huewe for reporting CVE-2011-1160. 
The Ubuntu\nSecurity Team acknowledges Vasiliy Kulikov of Openwall and Dan\nRosenberg as the original reporters of CVE-2011-1833.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018127.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6431a9c4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018128.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d39b4721\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-debug-devel-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-devel-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-doc-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-headers-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"kernel-xen-devel-2.6.18-274.7.1.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:43", "description": "Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has 
rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n* The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)\n\n* IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. (CVE-2011-2699, Important)\n\n* A malicious CIFS (Common Internet File System) server could send a specially crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important)\n\n* A local attacker could use mount.ecryptfs_private to mount (and then access) a directory they would otherwise not have access to. Note: To correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also be installed. (CVE-2011-1833, Moderate)\n\n* A flaw in the taskstats subsystem could allow a local, unprivileged user to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)\n\n* Mapping expansion handling could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2496, Moderate)\n\n* GRO (Generic Receive Offload) fields could be left in an inconsistent state. An attacker on the local network could use this flaw to cause a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)\n\n* RHSA-2011:1065 introduced a regression in the Ethernet bridge implementation. 
If a system had an interface in a bridge, and an attacker on the local network could send packets to that interface, they could cause a denial of service on that system. Xen hypervisor and KVM (Kernel-based Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942, Moderate)\n\n* A flaw in the Xen hypervisor IOMMU error handling implementation could allow a privileged guest user, within a guest operating system that has direct control of a PCI device, to cause performance degradation on the host and possibly cause it to hang. (CVE-2011-3131, Moderate)\n\n* IPv4 and IPv6 protocol sequence number and fragment ID generation could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence number and fragment IDs are now more random. (CVE-2011-3188, Moderate)\n\n* A flaw in the kernel's clock implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-3209, Moderate)\n\n* Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service.\n(CVE-2011-3347, Moderate)\n\n* A flaw in the auerswald USB driver could allow a local, unprivileged user to cause a denial of service or escalate their privileges by inserting a specially crafted USB device. (CVE-2009-4067, Low)\n\n* A flaw in the Trusted Platform Module (TPM) implementation could allow a local, unprivileged user to leak information to user space.\n(CVE-2011-1160, Low)\n\n* A local, unprivileged user could possibly mount a CIFS share that requires authentication without knowing the correct password if the mount was already mounted by another local user. 
(CVE-2011-1585, Low)\n\nRed Hat would like to thank Fernando Gont for reporting CVE-2011-2699;\nDarren Lavender for reporting CVE-2011-3191; the Ubuntu Security Team for reporting CVE-2011-1833; Vasiliy Kulikov of Openwall for reporting CVE-2011-2484; Robert Swiecki for reporting CVE-2011-2496; Brent Meshier for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188; Yasuaki Ishimatsu for reporting CVE-2011-3209; Somnath Kotur for reporting CVE-2011-3347; Rafael Dominguez Vega for reporting CVE-2009-4067; and Peter Huewe for reporting CVE-2011-1160. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of CVE-2011-1833.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-21T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:1386)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4067", "CVE-2011-1160", "CVE-2011-1585", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2723", "CVE-2011-2942", "CVE-2011-3131", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3209", "CVE-2011-3347"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2011-1386.NASL", "href": "https://www.tenable.com/plugins/nessus/56577", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1386. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56577);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\");\n script_bugtraq_id(46866, 47321, 47381, 48383, 48687, 48697, 48802, 48929, 49108, 49146, 49289, 49295, 50312, 50313);\n script_xref(name:\"RHSA\", value:\"2011:1386\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:1386)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix multiple security issues, several\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n* The maximum file offset handling for ext4 file systems could allow a\nlocal, unprivileged user to cause a denial of service. 
(CVE-2011-2695,\nImportant)\n\n* IPv6 fragment identification value generation could allow a remote\nattacker to disrupt a target system's networking, preventing\nlegitimate users from accessing its services. (CVE-2011-2699,\nImportant)\n\n* A malicious CIFS (Common Internet File System) server could send a\nspecially crafted response to a directory read request that would\nresult in a denial of service or privilege escalation on a system that\nhas a CIFS share mounted. (CVE-2011-3191, Important)\n\n* A local attacker could use mount.ecryptfs_private to mount (and then\naccess) a directory they would otherwise not have access to. Note: To\ncorrect this issue, the RHSA-2011:1241 ecryptfs-utils update must also\nbe installed. (CVE-2011-1833, Moderate)\n\n* A flaw in the taskstats subsystem could allow a local, unprivileged\nuser to cause excessive CPU time and memory use. (CVE-2011-2484,\nModerate)\n\n* Mapping expansion handling could allow a local, unprivileged user to\ncause a denial of service. (CVE-2011-2496, Moderate)\n\n* GRO (Generic Receive Offload) fields could be left in an\ninconsistent state. An attacker on the local network could use this\nflaw to cause a denial of service. GRO is enabled by default in all\nnetwork drivers that support it. (CVE-2011-2723, Moderate)\n\n* RHSA-2011:1065 introduced a regression in the Ethernet bridge\nimplementation. If a system had an interface in a bridge, and an\nattacker on the local network could send packets to that interface,\nthey could cause a denial of service on that system. Xen hypervisor\nand KVM (Kernel-based Virtual Machine) hosts often deploy bridge\ninterfaces. (CVE-2011-2942, Moderate)\n\n* A flaw in the Xen hypervisor IOMMU error handling implementation\ncould allow a privileged guest user, within a guest operating system\nthat has direct control of a PCI device, to cause performance\ndegradation on the host and possibly cause it to hang. 
(CVE-2011-3131,\nModerate)\n\n* IPv4 and IPv6 protocol sequence number and fragment ID generation\ncould allow a man-in-the-middle attacker to inject packets and\npossibly hijack connections. Protocol sequence number and fragment IDs\nare now more random. (CVE-2011-3188, Moderate)\n\n* A flaw in the kernel's clock implementation could allow a local,\nunprivileged user to cause a denial of service. (CVE-2011-3209,\nModerate)\n\n* Non-member VLAN (virtual LAN) packet handling for interfaces in\npromiscuous mode and also using the be2net driver could allow an\nattacker on the local network to cause a denial of service.\n(CVE-2011-3347, Moderate)\n\n* A flaw in the auerswald USB driver could allow a local, unprivileged\nuser to cause a denial of service or escalate their privileges by\ninserting a specially crafted USB device. (CVE-2009-4067, Low)\n\n* A flaw in the Trusted Platform Module (TPM) implementation could\nallow a local, unprivileged user to leak information to user space.\n(CVE-2011-1160, Low)\n\n* A local, unprivileged user could possibly mount a CIFS share that\nrequires authentication without knowing the correct password if the\nmount was already mounted by another local user. (CVE-2011-1585, Low)\n\nRed Hat would like to thank Fernando Gont for reporting CVE-2011-2699;\nDarren Lavender for reporting CVE-2011-3191; the Ubuntu Security Team\nfor reporting CVE-2011-1833; Vasiliy Kulikov of Openwall for reporting\nCVE-2011-2484; Robert Swiecki for reporting CVE-2011-2496; Brent\nMeshier for reporting CVE-2011-2723; Dan Kaminsky for reporting\nCVE-2011-3188; Yasuaki Ishimatsu for reporting CVE-2011-3209; Somnath\nKotur for reporting CVE-2011-3347; Rafael Dominguez Vega for reporting\nCVE-2009-4067; and Peter Huewe for reporting CVE-2011-1160. 
The Ubuntu\nSecurity Team acknowledges Vasiliy Kulikov of Openwall and Dan\nRosenberg as the original reporters of CVE-2011-1833.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3347\"\n );\n # 
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n # https://rhn.redhat.com/errata/RHSA-2011-1241.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1241\"\n );\n # https://rhn.redhat.com/errata/RHSA-2011-1065.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1386\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1386\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-274.7.1.el5\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-274.7.1.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", 
reference:\"kernel-xen-devel-2.6.18-274.7.1.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:40", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity fixes :\n\n - The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)\n\n - IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. (CVE-2011-2699, Important)\n\n - A malicious CIFS (Common Internet File System) server could send a specially crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important)\n\n - A local attacker could use mount.ecryptfs_private to mount (and then access) a directory they would otherwise not have access to. Note: To correct this issue, a ecryptfs-utils update must also be installed.\n (CVE-2011-1833, Moderate)\n\n - A flaw in the taskstats subsystem could allow a local, unprivileged user to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)\n\n - Mapping expansion handling could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-2496, Moderate)\n\n - GRO (Generic Receive Offload) fields could be left in an inconsistent state. An attacker on the local network could use this flaw to cause a denial of service. 
GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)\n\n - A previous update introduced a regression in the Ethernet bridge implementation. If a system had an interface in a bridge, and an attacker on the local network could send packets to that interface, they could cause a denial of service on that system. Xen hypervisor and KVM (Kernel-based Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942, Moderate)\n\n - A flaw in the Xen hypervisor IOMMU error handling implementation could allow a privileged guest user, within a guest operating system that has direct control of a PCI device, to cause performance degradation on the host and possibly cause it to hang. (CVE-2011-3131, Moderate)\n\n - IPv4 and IPv6 protocol sequence number and fragment ID generation could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence number and fragment IDs are now more random.\n (CVE-2011-3188, Moderate)\n\n - A flaw in the kernel's clock implementation could allow a local, unprivileged user to cause a denial of service.\n (CVE-2011-3209, Moderate)\n\n - Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. (CVE-2011-3347, Moderate)\n\n - A flaw in the auerswald USB driver could allow a local, unprivileged user to cause a denial of service or escalate their privileges by inserting a specially crafted USB device. (CVE-2009-4067, Low)\n\n - A flaw in the Trusted Platform Module (TPM) implementation could allow a local, unprivileged user to leak information to user space. (CVE-2011-1160, Low)\n\n - A local, unprivileged user could possibly mount a CIFS share that requires authentication without knowing the correct password if the mount was already mounted by another local user. 
(CVE-2011-1585, Low)", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4067", "CVE-2011-1160", "CVE-2011-1585", "CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2723", "CVE-2011-2942", "CVE-2011-3131", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3209", "CVE-2011-3347"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111020_KERNEL_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61162", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61162);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity fixes :\n\n - The maximum file offset handling for ext4 file systems\n could allow a local, unprivileged user to cause a denial\n of service. 
(CVE-2011-2695, Important)\n\n - IPv6 fragment identification value generation could\n allow a remote attacker to disrupt a target system's\n networking, preventing legitimate users from accessing\n its services. (CVE-2011-2699, Important)\n\n - A malicious CIFS (Common Internet File System) server\n could send a specially crafted response to a directory\n read request that would result in a denial of service or\n privilege escalation on a system that has a CIFS share\n mounted. (CVE-2011-3191, Important)\n\n - A local attacker could use mount.ecryptfs_private to\n mount (and then access) a directory they would otherwise\n not have access to. Note: To correct this issue, a\n ecryptfs-utils update must also be installed.\n (CVE-2011-1833, Moderate)\n\n - A flaw in the taskstats subsystem could allow a local,\n unprivileged user to cause excessive CPU time and memory\n use. (CVE-2011-2484, Moderate)\n\n - Mapping expansion handling could allow a local,\n unprivileged user to cause a denial of service.\n (CVE-2011-2496, Moderate)\n\n - GRO (Generic Receive Offload) fields could be left in an\n inconsistent state. An attacker on the local network\n could use this flaw to cause a denial of service. GRO is\n enabled by default in all network drivers that support\n it. (CVE-2011-2723, Moderate)\n\n - A previous update introduced a regression in the\n Ethernet bridge implementation. If a system had an\n interface in a bridge, and an attacker on the local\n network could send packets to that interface, they could\n cause a denial of service on that system. Xen hypervisor\n and KVM (Kernel-based Virtual Machine) hosts often\n deploy bridge interfaces. (CVE-2011-2942, Moderate)\n\n - A flaw in the Xen hypervisor IOMMU error handling\n implementation could allow a privileged guest user,\n within a guest operating system that has direct control\n of a PCI device, to cause performance degradation on the\n host and possibly cause it to hang. 
(CVE-2011-3131,\n Moderate)\n\n - IPv4 and IPv6 protocol sequence number and fragment ID\n generation could allow a man-in-the-middle attacker to\n inject packets and possibly hijack connections. Protocol\n sequence number and fragment IDs are now more random.\n (CVE-2011-3188, Moderate)\n\n - A flaw in the kernel's clock implementation could allow\n a local, unprivileged user to cause a denial of service.\n (CVE-2011-3209, Moderate)\n\n - Non-member VLAN (virtual LAN) packet handling for\n interfaces in promiscuous mode and also using the be2net\n driver could allow an attacker on the local network to\n cause a denial of service. (CVE-2011-3347, Moderate)\n\n - A flaw in the auerswald USB driver could allow a local,\n unprivileged user to cause a denial of service or\n escalate their privileges by inserting a specially\n crafted USB device. (CVE-2009-4067, Low)\n\n - A flaw in the Trusted Platform Module (TPM)\n implementation could allow a local, unprivileged user to\n leak information to user space. (CVE-2011-1160, Low)\n\n - A local, unprivileged user could possibly mount a CIFS\n share that requires authentication without knowing the\n correct password if the mount was already mounted by\n another local user. 
(CVE-2011-1585, Low)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=2276\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56da833f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/06/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"kernel-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-debuginfo-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", cpu:\"i386\", reference:\"kernel-PAE-devel-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-debuginfo-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debug-devel-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debuginfo-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-debuginfo-common-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-devel-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-doc-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", 
reference:\"kernel-headers-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-debuginfo-2.6.18-274.7.1.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kernel-xen-devel-2.6.18-274.7.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-09T02:00:47", "description": "The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2029 advisory.\n\n - Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. (CVE-2011-1833)\n\n - The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. (CVE-2011-2484)\n\n - Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping. (CVE-2011-2496)\n\n - The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic. 
(CVE-2011-2723)\n\n - net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. (CVE-2011-2898)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1833", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2723", "CVE-2011-2898"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el5uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el5uekdebug", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el6uek", "p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el6uekdebug"], "id": "ORACLELINUX_ELSA-2011-2029.NASL", "href": "https://www.tenable.com/plugins/nessus/68422", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-2029.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68422);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-1833\",\n \"CVE-2011-2484\",\n \"CVE-2011-2496\",\n 
\"CVE-2011-2723\",\n \"CVE-2011-2898\"\n );\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2029)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2011-2029 advisory.\n\n - Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux\n kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private\n mount with a mismatched uid. (CVE-2011-1833)\n\n - The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not\n prevent multiple registrations of exit handlers, which allows local users to cause a denial of service\n (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. (CVE-2011-2484)\n\n - Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows\n local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that\n expands a memory mapping. (CVE-2011-2496)\n\n - The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when\n Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows\n remote attackers to cause a denial of service (system crash) via crafted network traffic. (CVE-2011-2723)\n\n - net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to\n certain packet data structures associated with VLAN Tag Control Information, which allows local users to\n obtain potentially sensitive information via a crafted application. 
(CVE-2011-2898)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-2029.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-1833\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el5uek\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el5uekdebug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ofa-2.6.32-200.20.1.el6uekdebug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-200.20.1.el5uek', '2.6.32-200.20.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-2029');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-2.6.32-200.20.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-200.20.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.20.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.20.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.20.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.20.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.20.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.20.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-200.20.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-200.20.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.20.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.20.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-200.20.1.el5uek-1.5.1-4.0.53', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.20.1.el5uek-1.5.1-4.0.53', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.20.1.el5uekdebug-1.5.1-4.0.53', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.20.1.el5uekdebug-1.5.1-4.0.53', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-2.6.32-200.20.1.el6uek', 'cpu':'i686', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-2.6.32-200.20.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.20.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-2.6.32-200.20.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.20.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-debug-devel-2.6.32-200.20.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.20.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-devel-2.6.32-200.20.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.32'},\n {'reference':'kernel-uek-doc-2.6.32-200.20.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.32'},\n {'reference':'kernel-uek-firmware-2.6.32-200.20.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.20.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'kernel-uek-headers-2.6.32-200.20.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-2.6.32'},\n {'reference':'ofa-2.6.32-200.20.1.el6uek-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.20.1.el6uek-1.5.1-4.0.47', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.20.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ofa-2.6.32-200.20.1.el6uekdebug-1.5.1-4.0.47', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 5.7, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-16T02:06:33", "description": "The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic.\n\nRace condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.\n\nThe (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.\n\nInteger signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.\n\nThe Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2011-16)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1833", "CVE-2011-2723", 
"CVE-2011-2918", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2020-08-03T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:perf", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-16.NASL", "href": "https://www.tenable.com/plugins/nessus/69575", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-16.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69575);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/03\");\n\n script_cve_id(\"CVE-2011-1833\", \"CVE-2011-2723\", \"CVE-2011-2918\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_xref(name:\"ALAS\", value:\"2011-16\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2011-16)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The skb_gro_header_slow function in include/linux/netdevice.h in the\nLinux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is\nenabled, resets certain fields in incorrect situations, which allows\nremote attackers to cause a denial of service (system crash) via\ncrafted network traffic.\n\nRace condition in the ecryptfs_mount function in fs/ecryptfs/main.c in\nthe eCryptfs subsystem in the Linux kernel before 3.1 allows local\nusers to bypass intended file permissions via a mount.ecryptfs_private\nmount with a mismatched uid.\n\nThe (1) IPv4 and (2) IPv6 
implementations in the Linux kernel before\n3.1 use a modified MD4 algorithm to generate sequence numbers and\nFragment Identification values, which makes it easier for remote\nattackers to cause a denial of service (disrupted networking) or\nhijack network sessions by predicting these values and sending crafted\npackets.\n\nInteger signedness error in the CIFSFindNext function in\nfs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS\nservers to cause a denial of service (memory corruption) or possibly\nhave unspecified other impact via a large length value in a response\nto a read request for a directory.\n\nThe Performance Events subsystem in the Linux kernel before 3.1 does\nnot properly handle event overflows associated with\nPERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a\ndenial of service (system hang) via a crafted application.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-16.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Run 'yum update kernel' to update your system. 
You will need to reboot\nyour system in order for the new kernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-2.6.35.14-97.44.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-2.6.35.14-97.44.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.35.14-97.44.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.35.14-97.44.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-2.6.35.14-97.44.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-2.6.35.14-97.44.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-2.6.35.14-97.44.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-2.6.35.14-97.44.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:58:52", "description": "Fixes assorted CVEs CVE-2011-2918: perf: Fix software event overflow CVE-2011-3188: net: improve sequence number generation CVE-2011-2723:\ngro: Only reset frag0 when skb can be pulled CVE-2011-2928: befs:\nValidate length of long symbolic links CVE-2011-3191: cifs: fix possible memory corruption in CIFSFindNext CVE-2011-1833: ecryptfs:\nmount source TOCTOU race\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-10T00:00:00", "type": "nessus", "title": "Fedora 14 : kernel-2.6.35.14-97.fc14 (2011-12874)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1833", "CVE-2011-2723", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-12874.NASL", "href": "https://www.tenable.com/plugins/nessus/56416", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-12874.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56416);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(48929, 49108, 49152, 49256, 49289, 49295);\n script_xref(name:\"FEDORA\", value:\"2011-12874\");\n\n script_name(english:\"Fedora 14 : kernel-2.6.35.14-97.fc14 (2011-12874)\");\n 
script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes assorted CVEs CVE-2011-2918: perf: Fix software event overflow\nCVE-2011-3188: net: improve sequence number generation CVE-2011-2723:\ngro: Only reset frag0 when skb can be pulled CVE-2011-2928: befs:\nValidate length of long symbolic links CVE-2011-3191: cifs: fix\npossible memory corruption in CIFSFindNext CVE-2011-1833: ecryptfs:\nmount source TOCTOU race\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067409.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce844bc9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This 
script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"kernel-2.6.35.14-97.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:56:00", "description": "Updated kernel packages that fix two security issues and four bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were generated could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate)\n\n* A flaw was found in the Linux kernel's clock implementation on 32-bit, SMP (symmetric multiprocessing) systems. A local, unprivileged user could use this flaw to cause a divide error fault, resulting in a denial of service. (CVE-2011-3209, Moderate)\n\nRed Hat would like to thank Dan Kaminsky for reporting CVE-2011-3188, and Yasuaki Ishimatsu for reporting CVE-2011-3209.\n\nIn addition, this update fixes the following bugs :\n\n* When the Global File System 2 (GFS2) file system is suspended, its delete work queue is also suspended, along with any pending work on the queue. Prior to this update, if GFS2's transaction lock was demoted while the delete work queue was suspended, a deadlock could occur on the file system because the file system tried to flush the work queue in the lock demotion code. With this update, the delete work queue is no longer flushed by the lock demotion code, and a deadlock no longer occurs. Instead, the work queue is flushed by the unmount operation, so that pending work is properly completed.\n(BZ#733678)\n\n* A previously applied patch introduced a regression for third-party file systems that do not set the FS_HAS_IODONE2 flag, specifically, Oracle Cluster File System 2 (OCFS2). 
The patch removed a call to the aio_complete function, resulting in no completion events being processed, causing user-space applications to become unresponsive.\nThis update reintroduces the aio_complete function call, fixing this issue. (BZ#734156)\n\n* Certain devices support multiple operation modes. For example, EMC CLARiiON disk arrays support ALUA mode and their own vendor specific mode for failover. In Red Hat Enterprise Linux 5.5, a bug was discovered that prevented tools such as multipath from being able to select the device/hardware handler plug-in to use. This resulted in the application (for example, multipath) not working properly. With this update, the kernel has been modified to allow applications to select the device/hardware handler to use, thus resolving this issue.\n(BZ#739900)\n\n* This update improves the performance of delete/unlink operations in a GFS2 file system with large files by adding a layer of metadata read-ahead for indirect blocks. (BZ#743805)\n\nUsers should upgrade to these updated packages, which contain backported patches to resolve these issues. 
The system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-01-24T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2011:1419)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-3209"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "cpe:/o:redhat:enterprise_linux:5.6"], "id": "REDHAT-RHSA-2011-1419.NASL", "href": "https://www.tenable.com/plugins/nessus/64005", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1419. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64005);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3188\", \"CVE-2011-3209\");\n script_bugtraq_id(49289, 50311);\n script_xref(name:\"RHSA\", value:\"2011:1419\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2011:1419)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and four bugs are\nnow available for Red Hat Enterprise Linux 5.6 Extended Update\nSupport.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* The way IPv4 and IPv6 protocol sequence numbers and fragment IDs\nwere generated could allow a man-in-the-middle attacker to inject\npackets and possibly hijack connections. Protocol sequence numbers and\nfragment IDs are now more random. (CVE-2011-3188, Moderate)\n\n* A flaw was found in the Linux kernel's clock implementation on\n32-bit, SMP (symmetric multiprocessing) systems. A local, unprivileged\nuser could use this flaw to cause a divide error fault, resulting in a\ndenial of service. 
(CVE-2011-3209, Moderate)\n\nRed Hat would like to thank Dan Kaminsky for reporting CVE-2011-3188,\nand Yasuaki Ishimatsu for reporting CVE-2011-3209.\n\nIn addition, this update fixes the following bugs :\n\n* When the Global File System 2 (GFS2) file system is suspended, its\ndelete work queue is also suspended, along with any pending work on\nthe queue. Prior to this update, if GFS2's transaction lock was\ndemoted while the delete work queue was suspended, a deadlock could\noccur on the file system because the file system tried to flush the\nwork queue in the lock demotion code. With this update, the delete\nwork queue is no longer flushed by the lock demotion code, and a\ndeadlock no longer occurs. Instead, the work queue is flushed by the\nunmount operation, so that pending work is properly completed.\n(BZ#733678)\n\n* A previously applied patch introduced a regression for third-party\nfile systems that do not set the FS_HAS_IODONE2 flag, specifically,\nOracle Cluster File System 2 (OCFS2). The patch removed a call to the\naio_complete function, resulting in no completion events being\nprocessed, causing user-space applications to become unresponsive.\nThis update reintroduces the aio_complete function call, fixing this\nissue. (BZ#734156)\n\n* Certain devices support multiple operation modes. For example, EMC\nCLARiiON disk arrays support ALUA mode and their own vendor specific\nmode for failover. In Red Hat Enterprise Linux 5.5, a bug was\ndiscovered that prevented tools such as multipath from being able to\nselect the device/hardware handler plug-in to use. This resulted in\nthe application (for example, multipath) not working properly. 
With\nthis update, the kernel has been modified to allow applications to\nselect the device/hardware handler to use, thus resolving this issue.\n(BZ#739900)\n\n* This update improves the performance of delete/unlink operations in\na GFS2 file system with large files by adding a layer of metadata\nread-ahead for indirect blocks. (BZ#743805)\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-3188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-3209.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2011-1419.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-2.6.18-238.28.1.el5\")) flag++;\nif 
(rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"kernel-doc-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", 
sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-238.28.1.el5\")) flag++;\nif (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-238.28.1.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:23", "description": "It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)", "cvss3": {"score": null, "vector": null}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "USN-1280-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1585", "CVE-2011-2496"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1280-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56948", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1280-1. 
It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56948);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2496\");\n script_xref(name:\"USN\", value:\"1280-1\");\n\n script_name(english:\"USN-1280-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that CIFS incorrectly handled authentication. When\na user had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. 
(CVE-2011-2496)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1280-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/24\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011-2012 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-903-omap4\", pkgver:\"2.6.35-903.27\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:ubuntu_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:59:41", "description": "Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. 
A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-26T00:00:00", "type": "nessus", "title": "Ubuntu 11.04 : linux vulnerabilities (USN-1246-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:11.04"], "id": "UBUNTU_USN-1246-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56645", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1246-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56645);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_bugtraq_id(48804);\n script_xref(name:\"USN\", value:\"1246-1\");\n\n script_name(english:\"Ubuntu 11.04 : linux vulnerabilities (USN-1246-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not\ncorrectly check the length of memory copies. If this hardware was\navailable, a local attacker could exploit this to crash the system or\ngain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. 
A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code as\nthe root user. (CVE-2011-3191).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1246-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1246-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-12-generic\", pkgver:\"2.6.38-12.51\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-12-generic-pae\", pkgver:\"2.6.38-12.51\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-12-server\", pkgver:\"2.6.38-12.51\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-12-versatile\", pkgver:\"2.6.38-12.51\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-12-virtual\", pkgver:\"2.6.38-12.51\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:49:54", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n - Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local 
user to cause a denial of service or escalate their privileges.\n (CVE-2011-1745, CVE-2011-2022, Important)\n\n - An integer overflow flaw in agp_allocate_memory() could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1746, Important)\n\n - A race condition flaw was found in the Linux kernel's eCryptfs implementation. A local attacker could use the mount.ecryptfs_private utility to mount (and then access) a directory they would otherwise not have access to. Note: To correct this issue, a previous ecryptfs-utils update, which provides the user-space part of the fix, must also be installed. (CVE-2011-1833, Moderate)\n\n - A denial of service flaw was found in the way the taskstats subsystem handled the registration of process exit handlers. A local, unprivileged user could register an unlimited amount of these handlers, leading to excessive CPU time and memory use. (CVE-2011-2484, Moderate)\n\n - A flaw was found in the way mapping expansions were handled. A local, unprivileged user could use this flaw to cause a wrapping condition, triggering a denial of service. (CVE-2011-2496, Moderate)\n\n - A flaw was found in the Linux kernel's Performance Events implementation. It could falsely lead the NMI (Non-Maskable Interrupt) Watchdog to detect a lockup and panic the system. A local, unprivileged user could use this flaw to cause a denial of service (kernel panic) using the perf tool. (CVE-2011-2521, Moderate)\n\n - A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO (Generic Receive Offload) fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)\n\n - A flaw was found in the way the Linux kernel's Performance Events implementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. 
A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-2918, Moderate)\n\n - A flaw was found in the Linux kernel's Trusted Platform Module (TPM) implementation. A local, unprivileged user could use this flaw to leak information to user-space.\n (CVE-2011-1160, Low)\n\n - Flaws were found in the tpacket_rcv() and packet_recvmsg() functions in the Linux kernel. A local, unprivileged user could use these flaws to leak information to user-space. (CVE-2011-2898, Low)\n\nThis update also fixes various bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1160", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2521", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-2918"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111005_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61148", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61148);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1160\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1833\", \"CVE-2011-2484\", 
\"CVE-2011-2496\", \"CVE-2011-2521\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-2918\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n - Flaws in the AGPGART driver implementation when handling\n certain IOCTL commands could allow a local user to cause\n a denial of service or escalate their privileges.\n (CVE-2011-1745, CVE-2011-2022, Important)\n\n - An integer overflow flaw in agp_allocate_memory() could\n allow a local user to cause a denial of service or\n escalate their privileges. (CVE-2011-1746, Important)\n\n - A race condition flaw was found in the Linux kernel's\n eCryptfs implementation. A local attacker could use the\n mount.ecryptfs_private utility to mount (and then\n access) a directory they would otherwise not have access\n to. Note: To correct this issue, a previous\n ecryptfs-utils update, which provides the user-space\n part of the fix, must also be installed. (CVE-2011-1833,\n Moderate)\n\n - A denial of service flaw was found in the way the\n taskstats subsystem handled the registration of process\n exit handlers. A local, unprivileged user could register\n an unlimited amount of these handlers, leading to\n excessive CPU time and memory use. (CVE-2011-2484,\n Moderate)\n\n - A flaw was found in the way mapping expansions were\n handled. A local, unprivileged user could use this flaw\n to cause a wrapping condition, triggering a denial of\n service. (CVE-2011-2496, Moderate)\n\n - A flaw was found in the Linux kernel's Performance\n Events implementation. 
It could falsely lead the NMI\n (Non-Maskable Interrupt) Watchdog to detect a lockup and\n panic the system. A local, unprivileged user could use\n this flaw to cause a denial of service (kernel panic)\n using the perf tool. (CVE-2011-2521, Moderate)\n\n - A flaw in skb_gro_header_slow() in the Linux kernel\n could lead to GRO (Generic Receive Offload) fields being\n left in an inconsistent state. An attacker on the local\n network could use this flaw to trigger a denial of\n service. GRO is enabled by default in all network\n drivers that support it. (CVE-2011-2723, Moderate)\n\n - A flaw was found in the way the Linux kernel's\n Performance Events implementation handled\n PERF_COUNT_SW_CPU_CLOCK counter overflow. A local,\n unprivileged user could use this flaw to cause a denial\n of service. (CVE-2011-2918, Moderate)\n\n - A flaw was found in the Linux kernel's Trusted Platform\n Module (TPM) implementation. A local, unprivileged user\n could use this flaw to leak information to user-space.\n (CVE-2011-1160, Low)\n\n - Flaws were found in the tpacket_rcv() and\n packet_recvmsg() functions in the Linux kernel. A local,\n unprivileged user could use these flaws to leak\n information to user-space. (CVE-2011-2898, Low)\n\nThis update also fixes various bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs and add\nthe enhancement noted in the Technical Notes. 
The system must be\nrebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=443\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b64db1a1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"i386\", reference:\"kernel-debuginfo-common-i686-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-131.17.1.el6\")) flag++;\nif 
(rpm_check(release:\"SL6\", reference:\"perf-2.6.32-131.17.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:53", "description": "Updated kernel packages that fix several security issues, various bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThis update fixes the following security issues :\n\n* Flaws in the AGPGART driver implementation when handling certain IOCTL commands could allow a local user to cause a denial of service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022, Important)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a local user to cause a denial of service or escalate their privileges.\n(CVE-2011-1746, Important)\n\n* A race condition flaw was found in the Linux kernel's eCryptfs implementation. A local attacker could use the mount.ecryptfs_private utility to mount (and then access) a directory they would otherwise not have access to. Note: To correct this issue, the RHSA-2011:1241 ecryptfs-utils update, which provides the user-space part of the fix, must also be installed. (CVE-2011-1833, Moderate)\n\n* A denial of service flaw was found in the way the taskstats subsystem handled the registration of process exit handlers. 
A local, unprivileged user could register an unlimited amount of these handlers, leading to excessive CPU time and memory use.\n(CVE-2011-2484, Moderate)\n\n* A flaw was found in the way mapping expansions were handled. A local, unprivileged user could use this flaw to cause a wrapping condition, triggering a denial of service. (CVE-2011-2496, Moderate)\n\n* A flaw was found in the Linux kernel's Performance Events implementation. It could falsely lead the NMI (Non-Maskable Interrupt) Watchdog to detect a lockup and panic the system. A local, unprivileged user could use this flaw to cause a denial of service (kernel panic) using the perf tool. (CVE-2011-2521, Moderate)\n\n* A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO (Generic Receive Offload) fields being left in an inconsistent state. An attacker on the local network could use this flaw to trigger a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)\n\n* A flaw was found in the way the Linux kernel's Performance Events implementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-2918, Moderate)\n\n* A flaw was found in the Linux kernel's Trusted Platform Module (TPM) implementation. A local, unprivileged user could use this flaw to leak information to user-space. (CVE-2011-1160, Low)\n\n* Flaws were found in the tpacket_rcv() and packet_recvmsg() functions in the Linux kernel. A local, unprivileged user could use these flaws to leak information to user-space. (CVE-2011-2898, Low)\n\nRed Hat would like to thank Vasiliy Kulikov of Openwall for reporting CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, and CVE-2011-2484; the Ubuntu Security Team for reporting CVE-2011-1833; Robert Swiecki for reporting CVE-2011-2496; Li Yu for reporting CVE-2011-2521; Brent Meshier for reporting CVE-2011-2723; and Peter Huewe for reporting CVE-2011-1160. 
The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of CVE-2011-1833.\n\nThis update also fixes various bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the Technical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-06T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2011:1350)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1160", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2521", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-2918"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.1"], "id": 
"REDHAT-RHSA-2011-1350.NASL", "href": "https://www.tenable.com/plugins/nessus/56404", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1350. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56404);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1160\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1833\", \"CVE-2011-2022\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2521\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-2918\");\n script_bugtraq_id(46866, 47321, 47534, 47535, 47843, 48383, 48580, 48929, 49108, 49152);\n script_xref(name:\"RHSA\", value:\"2011:1350\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2011:1350)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues, various\nbugs, and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* Flaws in the AGPGART driver implementation when handling certain\nIOCTL commands could allow a local user to cause a denial of service\nor escalate their privileges. (CVE-2011-1745, CVE-2011-2022,\nImportant)\n\n* An integer overflow flaw in agp_allocate_memory() could allow a\nlocal user to cause a denial of service or escalate their privileges.\n(CVE-2011-1746, Important)\n\n* A race condition flaw was found in the Linux kernel's eCryptfs\nimplementation. A local attacker could use the mount.ecryptfs_private\nutility to mount (and then access) a directory they would otherwise\nnot have access to. Note: To correct this issue, the RHSA-2011:1241\necryptfs-utils update, which provides the user-space part of the fix,\nmust also be installed. (CVE-2011-1833, Moderate)\n\n* A denial of service flaw was found in the way the taskstats\nsubsystem handled the registration of process exit handlers. A local,\nunprivileged user could register an unlimited amount of these\nhandlers, leading to excessive CPU time and memory use.\n(CVE-2011-2484, Moderate)\n\n* A flaw was found in the way mapping expansions were handled. A\nlocal, unprivileged user could use this flaw to cause a wrapping\ncondition, triggering a denial of service. (CVE-2011-2496, Moderate)\n\n* A flaw was found in the Linux kernel's Performance Events\nimplementation. It could falsely lead the NMI (Non-Maskable Interrupt)\nWatchdog to detect a lockup and panic the system. A local,\nunprivileged user could use this flaw to cause a denial of service\n(kernel panic) using the perf tool. 
(CVE-2011-2521, Moderate)\n\n* A flaw in skb_gro_header_slow() in the Linux kernel could lead to\nGRO (Generic Receive Offload) fields being left in an inconsistent\nstate. An attacker on the local network could use this flaw to trigger\na denial of service. GRO is enabled by default in all network drivers\nthat support it. (CVE-2011-2723, Moderate)\n\n* A flaw was found in the way the Linux kernel's Performance Events\nimplementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A\nlocal, unprivileged user could use this flaw to cause a denial of\nservice. (CVE-2011-2918, Moderate)\n\n* A flaw was found in the Linux kernel's Trusted Platform Module (TPM)\nimplementation. A local, unprivileged user could use this flaw to leak\ninformation to user-space. (CVE-2011-1160, Low)\n\n* Flaws were found in the tpacket_rcv() and packet_recvmsg() functions\nin the Linux kernel. A local, unprivileged user could use these flaws\nto leak information to user-space. (CVE-2011-2898, Low)\n\nRed Hat would like to thank Vasiliy Kulikov of Openwall for reporting\nCVE-2011-1745, CVE-2011-2022, CVE-2011-1746, and CVE-2011-2484; the\nUbuntu Security Team for reporting CVE-2011-1833; Robert Swiecki for\nreporting CVE-2011-2496; Li Yu for reporting CVE-2011-2521; Brent\nMeshier for reporting CVE-2011-2723; and Peter Huewe for reporting\nCVE-2011-1160. The Ubuntu Security Team acknowledges Vasiliy Kulikov\nof Openwall and Dan Rosenberg as the original reporters of\nCVE-2011-1833.\n\nThis update also fixes various bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs and add\nthe enhancement noted in the Technical Notes. 
The system must be\nrebooted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2918\"\n );\n # https://rhn.redhat.com/errata/RHSA-2011-1241.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1241\"\n );\n # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1350\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1160\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1833\", \"CVE-2011-2022\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2521\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-2918\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2011:1350\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1350\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"kernel-debug-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-131.17.1.el6\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-131.17.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-09T02:01:19", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1350 advisory.\n\n - The tpm_open function in 
drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors. (CVE-2011-1160)\n\n - Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via vectors related to calls that specify a large number of memory pages. (CVE-2011-1746)\n\n - Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid. (CVE-2011-1833)\n\n - The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745. (CVE-2011-2022)\n\n - The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not prevent multiple registrations of exit handlers, which allows local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. 
(CVE-2011-2484)\n\n - Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that expands a memory mapping. (CVE-2011-2496)\n\n - The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program. (CVE-2011-2521)\n\n - The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service (system crash) via crafted network traffic. (CVE-2011-2723)\n\n - net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application. (CVE-2011-2898)\n\n - The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application. 
(CVE-2011-2918)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2011-1350)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1160", "CVE-2011-1745", "CVE-2011-1746", "CVE-2011-1833", "CVE-2011-2022", "CVE-2011-2484", "CVE-2011-2496", "CVE-2011-2521", "CVE-2011-2723", "CVE-2011-2898", "CVE-2011-2918"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf"], "id": "ORACLELINUX_ELSA-2011-1350.NASL", "href": "https://www.tenable.com/plugins/nessus/68364", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2011-1350.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68364);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2011-1160\",\n \"CVE-2011-1745\",\n \"CVE-2011-1746\",\n \"CVE-2011-1833\",\n \"CVE-2011-2022\",\n \"CVE-2011-2484\",\n \"CVE-2011-2496\",\n \"CVE-2011-2521\",\n \"CVE-2011-2723\",\n \"CVE-2011-2898\",\n \"CVE-2011-2918\"\n );\n script_bugtraq_id(\n 46866,\n 47321,\n 47534,\n 47535,\n 47843,\n 48383,\n 48580,\n 48802,\n 48929,\n 48986,\n 49108,\n 49152\n );\n script_xref(name:\"RHSA\", value:\"2011:1350\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2011-1350)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux 
host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2011-1350 advisory.\n\n - The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a\n certain buffer, which allows local users to obtain potentially sensitive information from kernel memory\n via unspecified vectors. (CVE-2011-1160)\n\n - Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux\n kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash)\n via a crafted AGPIOC_BIND agp_ioctl ioctl call. (CVE-2011-1745)\n\n - Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in\n drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allow local users to trigger buffer\n overflows, and consequently cause a denial of service (system crash) or possibly have unspecified other\n impact, via vectors related to calls that specify a large number of memory pages. (CVE-2011-1746)\n\n - Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux\n kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private\n mount with a mismatched uid. (CVE-2011-1833)\n\n - The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5\n does not validate a certain start parameter, which allows local users to gain privileges or cause a denial\n of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than\n CVE-2011-1745. 
(CVE-2011-2022)\n\n - The add_del_listener function in kernel/taskstats.c in the Linux kernel 2.6.39.1 and earlier does not\n prevent multiple registrations of exit handlers, which allows local users to cause a denial of service\n (memory and CPU consumption), and bypass the OOM Killer, via a crafted application. (CVE-2011-2484)\n\n - Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows\n local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system call that\n expands a memory mapping. (CVE-2011-2496)\n\n - The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem\n in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to\n cause a denial of service (panic) via the perf program. (CVE-2011-2521)\n\n - The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when\n Generic Receive Offload (GRO) is enabled, resets certain fields in incorrect situations, which allows\n remote attackers to cause a denial of service (system crash) via crafted network traffic. (CVE-2011-2723)\n\n - net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to\n certain packet data structures associated with VLAN Tag Control Information, which allows local users to\n obtain potentially sensitive information via a crafted application. (CVE-2011-2898)\n\n - The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows\n associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service\n (system hang) via a crafted application. 
(CVE-2011-2918)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2011-1350.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-2022\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-131.17.1.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-1350');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + 
join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-131.17.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-131.17.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-debug-2.6.32-131.17.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-131.17.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-131.17.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-131.17.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-131.17.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-131.17.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-131.17.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-131.17.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-131.17.1.el6', 
'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-131.17.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-131.17.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:51", "description": "Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nTimo Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. 
(CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)", "cvss3": {"score": null, "vector": null}, "published": "2011-10-13T00:00:00", "type": "nessus", "title": "USN-1228-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1776", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1228-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56479", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1228-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56479);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_xref(name:\"USN\", value:\"1228-1\");\n\n script_name(english:\"USN-1228-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Timo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. 
A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not\ncorrectly check the length of memory copies. If this hardware was\navailable, a local attacker could exploit this to crash the system or\ngain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nTimo Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code\nas the root user. 
(CVE-2011-3191)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1228-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/12\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2011/10/13\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"linux-image-2.6.38-1209-omap4\", pkgver:\"2.6.38-1209.16\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:43", "description": "Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. 
On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nTimo Warns discovered that long symlinks were incorrectly handled on Be filesystems. 
A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nHan-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service.\n(CVE-2011-3353)\n\nGideon Naim discovered a flaw in the Linux kernel's handling of VLAN 0 frames. An attacker on the local network could exploit this flaw to cause a denial of service. (CVE-2011-3593).", "cvss3": {"score": null, "vector": null}, "published": "2011-10-26T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-mvl-dove vulnerabilities (USN-1240-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1576", "CVE-2011-1833", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2905", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3353", "CVE-2011-3593"], "modified": "2013-03-09T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1240-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56639", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1240-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56639);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2013/03/09 00:53:51 $\");\n\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3353\", \"CVE-2011-3593\");\n script_xref(name:\"USN\", value:\"1240-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-mvl-dove vulnerabilities (USN-1240-1)\");\n script_summary(english:\"Checks dpkg output for updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\npackets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\ncorrectly check the origin of mount points. A local attacker could\nexploit this to trick the system into unmounting arbitrary mount\npoints, leading to a denial of service. (CVE-2011-1833)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. 
If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment\nidentification numbers. A remote attacker could exploit this to\nexhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nChristian Ohm discovered that the perf command looks for configuration\nfiles in the current directory. If a privileged user were tricked into\nrunning perf in a directory containing a malicious configuration file,\nan attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nTimo Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code as\nthe root user. (CVE-2011-3191)\n\nHan-Wen Nienhuys reported a flaw in the FUSE kernel module. A local\nuser who can mount a FUSE file system could cause a denial of service.\n(CVE-2011-3353)\n\nGideon Naim discovered a flaw in the Linux kernel's handling of VLAN 0\nframes. An attacker on the local network could exploit this flaw to\ncause a denial of service. 
(CVE-2011-3593).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6.32-219-dove package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/Ubuntu/release\") ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-219-dove\", pkgver:\"2.6.32-219.37\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:43", "description": "Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. 
(CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nTimo Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nHan-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service.\n(CVE-2011-3353)\n\nGideon Naim discovered a flaw in the Linux kernel's handling of VLAN 0 frames. An attacker on the local network could exploit this flaw to cause a denial of service. (CVE-2011-3593).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-09T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux vulnerabilities (USN-1253-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1576", "CVE-2011-1833", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2905", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3353", "CVE-2011-3593"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1253-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56747", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1253-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56747);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3353\", \"CVE-2011-3593\");\n script_bugtraq_id(48472, 48697, 48802, 48907, 49108, 49140, 49256, 49289, 49295, 49408, 50314);\n script_xref(name:\"USN\", value:\"1253-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1253-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\npackets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\ncorrectly check the origin of mount points. A local attacker could\nexploit this to trick the system into unmounting arbitrary mount\npoints, leading to a denial of service. (CVE-2011-1833)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. 
If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment\nidentification numbers. A remote attacker could exploit this to\nexhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nChristian Ohm discovered that the perf command looks for configuration\nfiles in the current directory. If a privileged user were tricked into\nrunning perf in a directory containing a malicious configuration file,\nan attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code as\nthe root user. (CVE-2011-3191)\n\nHan-Wen Nienhuys reported a flaw in the FUSE kernel module. A local\nuser who can mount a FUSE file system could cause a denial of service.\n(CVE-2011-3353)\n\nGideon Naim discovered a flaw in the Linux kernel's handling VLAN 0\nframes. An attacker on the local network could exploit this flaw to\ncause a denial of service. 
(CVE-2011-3593).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1253-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/08\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3353\", \"CVE-2011-3593\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1253-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-35-386\", pkgver:\"2.6.32-35.78\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-35-generic\", pkgver:\"2.6.32-35.78\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-35-generic-pae\", pkgver:\"2.6.32-35.78\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-35-lpia\", pkgver:\"2.6.32-35.78\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-35-preempt\", pkgver:\"2.6.32-35.78\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-35-server\", pkgver:\"2.6.32-35.78\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-35-versatile\", pkgver:\"2.6.32-35.78\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-35-virtual\", pkgver:\"2.6.32-35.78\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:37", "description": "Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. 
If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nHan-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service.\n(CVE-2011-3353)\n\nGideon Naim discovered a flaw in the Linux kernel's handling VLAN 0 frames. An attacker on the local network could exploit this flaw to cause a denial of service. (CVE-2011-3593).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-26T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1239-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1576", "CVE-2011-1833", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2905", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3353", "CVE-2011-3593"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1239-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56638", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1239-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56638);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3353\", \"CVE-2011-3593\");\n script_xref(name:\"USN\", value:\"1239-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1239-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\npackets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\ncorrectly check the origin of mount points. A local attacker could\nexploit this to trick the system into unmounting arbitrary mount\npoints, leading to a denial of service. (CVE-2011-1833)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. 
(CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment\nidentification numbers. A remote attacker could exploit this to\nexhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nChristian Ohm discovered that the perf command looks for configuration\nfiles in the current directory. If a privileged user were tricked into\nrunning perf in a directory containing a malicious configuration file,\nan attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code as\nthe root user. (CVE-2011-3191)\n\nHan-Wen Nienhuys reported a flaw in the FUSE kernel module. A local\nuser who can mount a FUSE file system could cause a denial of service.\n(CVE-2011-3353)\n\nGideon Naim discovered a flaw in the Linux kernel's handling VLAN 0\nframes. An attacker on the local network could exploit this flaw to\ncause a denial of service. (CVE-2011-3593).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1239-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3353\", \"CVE-2011-3593\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1239-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-319-ec2\", pkgver:\"2.6.32-319.39\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:41", "description": "Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. 
A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nHan-Wen Nienhuys reported a flaw in the FUSE kernel module. 
A local user who can mount a FUSE file system could cause a denial of service.\n(CVE-2011-3353)\n\nGideon Naim discovered a flaw in the Linux kernel's handling VLAN 0 frames. An attacker on the local network could exploit this flaw to cause a denial of service. (CVE-2011-3593).", "cvss3": {"score": null, "vector": null}, "published": "2011-10-26T00:00:00", "type": "nessus", "title": "Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1245-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1576", "CVE-2011-1833", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2905", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3353", "CVE-2011-3593"], "modified": "2013-03-09T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1245-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56644", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1245-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56644);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2013/03/09 00:53:51 $\");\n\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3353\", \"CVE-2011-3593\");\n script_xref(name:\"USN\", value:\"1245-1\");\n\n script_name(english:\"Ubuntu 10.10 : linux-mvl-dove vulnerabilities (USN-1245-1)\");\n script_summary(english:\"Checks dpkg output for updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\npackets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\ncorrectly check the origin of mount points. A local attacker could\nexploit this to trick the system into unmounting arbitrary mount\npoints, leading to a denial of service. (CVE-2011-1833)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. 
If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment\nidentification numbers. A remote attacker could exploit this to\nexhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nChristian Ohm discovered that the perf command looks for configuration\nfiles in the current directory. If a privileged user were tricked into\nrunning perf in a directory containing a malicious configuration file,\nan attacker could run arbitrary commands and possibly gain privileges.\n(CVE-2011-2905)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code as\nthe root user. (CVE-2011-3191)\n\nHan-Wen Nienhuys reported a flaw in the FUSE kernel module. A local\nuser who can mount a FUSE file system could cause a denial of service.\n(CVE-2011-3353)\n\nGideon Naim discovered a flaw in the Linux kernel's handling VLAN 0\nframes. An attacker on the local network could exploit this flaw to\ncause a denial of service. 
(CVE-2011-3593).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6.32-419-dove package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2013 Canonical, Inc. / NASL script (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/Ubuntu/release\") ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.32-419-dove\", pkgver:\"2.6.32-419.37\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:27", "description": "It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. 
(CVE-2011-2525)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. (CVE-2011-3209).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-22T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS : linux vulnerabilities (USN-1268-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2525", "CVE-2011-3209"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1268-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56911", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1268-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56911);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2525\", \"CVE-2011-3209\");\n script_bugtraq_id(47852, 47853, 48641, 50311);\n script_xref(name:\"USN\", value:\"1268-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS : linux vulnerabilities (USN-1268-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that CIFS incorrectly handled authentication. When a\nuser had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ip_gre\nmodule was loading, and crash the system, leading to a denial of\nservice. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ipip\nmodule was loading, and crash the system, leading to a denial of\nservice. (CVE-2011-1768)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. 
A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock\nimplementation. A local unprivileged attacker could exploit this\ncausing a denial of service. (CVE-2011-3209).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1268-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2525\", \"CVE-2011-3209\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1268-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-386\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-generic\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-lpia\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-lpiacompat\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-openvz\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-rt\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-server\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-virtual\", pkgver:\"2.6.24-30.96\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-30-xen\", pkgver:\"2.6.24-30.96\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / 
linux-image-2.6-generic / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:27", "description": "The SUSE Linux Enterprise 11 Service Pack 1 kernel has been updated to version 2.6.32.49 and fixes various bugs and security issues.\n\n - The TCP/IP initial sequence number generation effectively only used 24 bits of 32 to generate randomness, making a brute-force man-in-the-middle attack on TCP/IP connections feasible. The generator was changed to use full 32bit randomness. (CVE-2011-3188)\n\n - Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n (CVE-2011-2699)\n\n - A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel. (CVE-2011-2203)\n\n - Added a kernel option to ensure ecryptfs is mounting only on paths belonging to the current ui, which would have allowed local attackers to potentially gain privileges via symlink attacks. (CVE-2011-1833)\n\n - The Generic Receive Offload (GRO) implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478. (CVE-2011-1576)\n\n - A name overflow in the hfs filesystem was fixed, where mounting a corrupted hfs filesystem could lead to a stack overflow and code execution in the kernel. This requires a local attacker to be able to mount hfs filesystems. (CVE-2011-4330)\n\n - A bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)\n\nThe following non-security bugs have been fixed :\n\n - ALSA: hda - Fix S3/S4 problem on machines with VREF-pin mute-LED. 
(bnc#732535)\n\n - patches.xen/xen-pcpu-hotplug: Fix a double kfree().\n\n - ixgbe: fix bug with vlan strip in promsic mode (bnc#687049, fate#311821).\n\n - ixgbe: fix panic when shutting down system with WoL enabled.\n\n - fnic: Allow users to modify dev_loss_tmo setting.\n (bnc#719786)\n\n - x86, intel: Do not mark sched_clock() as stable.\n (bnc#725709)\n\n - ALSA: hda - Keep vref-LED during power-saving on IDT codecs. (bnc#731981)\n\n - cifs: Assume passwords are encoded according to iocharset. (bnc#731035)\n\n - scsi_dh: Check queuedata pointer before proceeding.\n (bnc#714744)\n\n - netback: use correct index for invalidation in netbk_tx_check_mop().\n\n - ACPI video: introduce module parameter video.use_bios_initial_backlight. (bnc#731229)\n\n - SUNRPC: prevent task_cleanup running on freed xprt.\n (bnc#709671)\n\n - add device entry for Broadcom Valentine combo card.\n (bnc#722429)\n\n - quota: Fix WARN_ON in lookup_one_len. (bnc#728626)\n\n - Update Xen patches to 2.6.32.48.\n\n - pv-on-hvm/kexec: add xs_reset_watches to shutdown watches from old kernel. (bnc#694863)\n\n - x86: undo_limit_pages() must reset page count.\n\n - mm/vmstat.c: cache align vm_stat. (bnc#729721)\n\n - s390/ccwgroup: fix uevent vs dev attrs race (bnc#659101,LTC#69028).\n\n - Warn on pagecache limit usage (FATE309111).\n\n - SCSI: st: fix race in st_scsi_execute_end. (bnc#720536)\n\n - ACPI: introduce 'acpi_rsdp=' parameter for kdump.\n (bnc#717263)\n\n - elousb: Limit the workaround warning to one per error, control workaround activity. (bnc#719916)\n\n - SCSI: libiscsi: reset cmd timer if cmds are making progress. (bnc#691440)\n\n - SCSI: fix crash in scsi_dispatch_cmd(). (bnc#724989)\n\n - NFS/sunrpc: do not use a credential with extra groups.\n (bnc#725878)\n\n - s390/qdio: EQBS retry after CCQ 96 (bnc#725453,LTC#76117).\n\n - fcoe: Reduce max_sectors to 1024. (bnc#695898)\n\n - apparmor: return -ENOENT when there is no profile for a hat. 
(bnc#725502)\n\n - sched, cgroups: disallow attaching kthreadd.\n (bnc#721840)\n\n - nfs: Check validity of cl_rpcclient in nfs_server_list_show. (bnc#717884)\n\n - x86, vt-d: enable x2apic opt out (disabling x2apic through BIOS flag) (bnc#701183, fate#311989).\n\n - block: Free queue resources at blk_release_queue().\n (bnc#723815)\n\n - ALSA: hda - Add post_suspend patch ops. (bnc#724800)\n\n - ALSA: hda - Allow codec-specific set_power_state ops.\n (bnc#724800)\n\n - ALSA: hda - Add support for vref-out based mute LED control on IDT codecs. (bnc#724800)\n\n - scsi_dh_rdac : Add definitions for different RDAC operating modes. (bnc#724365)\n\n - scsi_dh_rdac : Detect the different RDAC operating modes. (bnc#724365)\n\n - scsi_dh_rdac : decide whether to send mode select based on operating mode. (bnc#724365)\n\n - scsi_dh_rdac: Use WWID from C8 page instead of Subsystem id from C4 page to identify storage. (bnc#724365)\n\n - vlan: Match underlying dev carrier on vlan add.\n (bnc#722504)\n\n - scsi_lib: pause between error retries. (bnc#675127)\n\n - xfs: use KM_NOFS for allocations during attribute list operations. (bnc#721830)\n\n - bootsplash: Do not crash when no fb is set. (bnc#723542)\n\n - cifs: do not allow cifs_iget to match inodes of the wrong type. (bnc#711501)\n\n - cifs: fix noserverino handling when 1 extensions are enabled. (bnc#711501)\n\n - cifs: reduce false positives with inode aliasing serverino autodisable. (bnc#711501)\n\n - parport_pc: release IO region properly if unsupported ITE887x card is found. (bnc#721464)\n\n - writeback: avoid unnecessary calculation of bdi dirty thresholds. (bnc#721299)\n\n - 1: Fix bogus it_blocksize in VIO iommu code.\n (bnc#717690)\n\n - ext4: Fix max file size and logical block counting of extent format file. (bnc#706374)\n\n - novfs: Unable to change password in the Novell Client for Linux. 
(bnc#713229)\n\n - xfs: add more ilock tracing.\n\n - sched: move wakeup tracepoint above out_running.\n (bnc#712002)\n\n - config.conf: Build KMPs for the -trace flavor as well (fate#312759, bnc#712404, bnc#712405, bnc#721337).\n\n - memsw: remove noswapaccount kernel parameter.\n (bnc#719450)", "cvss3": {"score": null, "vector": null}, "published": "2011-12-14T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 5493 / 5510 / 5511)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1478", "CVE-2011-1576", "CVE-2011-1833", "CVE-2011-2203", "CVE-2011-2699", "CVE-2011-3188", "CVE-2011-4326", "CVE-2011-4330"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae", "p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-trace", "p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae", "p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-trace", "p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-devel", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel", "p-cpe:/a:novell:suse_linux:11:kernel-ec2", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-trace", 
"p-cpe:/a:novell:suse_linux:11:kernel-trace-base", "p-cpe:/a:novell:suse_linux:11:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "p-cpe:/a:novell:suse_linux:11:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_KERNEL-111202.NASL", "href": "https://www.tenable.com/plugins/nessus/57297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57297);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1478\", \"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2203\", \"CVE-2011-2699\", \"CVE-2011-3188\", \"CVE-2011-4326\", \"CVE-2011-4330\");\n\n script_name(english:\"SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 5493 / 5510 / 5511)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 Service Pack 1 kernel has been updated to\nversion 2.6.32.49 and fixes various bugs and security issues.\n\n - The TCP/IP initial sequence number generation\n effectively only used 24 bits of 32 to generate\n randomness, making a brute-force man-in-the-middle\n attack on TCP/IP connections feasible. The generator was\n changed to use full 32bit randomness. (CVE-2011-3188)\n\n - Fernando Gont discovered that the IPv6 stack used\n predictable fragment identification numbers. 
A remote\n attacker could exploit this to exhaust network\n resources, leading to a denial of service.\n (CVE-2011-2699)\n\n - A NULL ptr dereference on mounting corrupt hfs\n filesystems was fixed which could be used by local\n attackers to crash the kernel. (CVE-2011-2203)\n\n - Added a kernel option to ensure ecryptfs is mounting\n only on paths belonging to the current ui, which would\n have allowed local attackers to potentially gain\n privileges via symlink attacks. (CVE-2011-1833)\n\n - The Generic Receive Offload (GRO) implementation in the\n Linux kernel allowed remote attackers to cause a denial\n of service via crafted VLAN packets that are processed\n by the napi_reuse_skb function, leading to (1) a memory\n leak or (2) memory corruption, a different vulnerability\n than CVE-2011-1478. (CVE-2011-1576)\n\n - A name overflow in the hfs filesystem was fixed, where\n mounting a corrupted hfs filesystem could lead to a\n stack overflow and code execution in the kernel. This\n requires a local attacker to be able to mount hfs\n filesystems. (CVE-2011-4330)\n\n - A bug was found in the way headroom check was performed\n in udp6_ufo_fragment() function. A remote attacker could\n use this flaw to crash the system. (CVE-2011-4326)\n\nThe following non-security bugs have been fixed :\n\n - ALSA: hda - Fix S3/S4 problem on machines with VREF-pin\n mute-LED. (bnc#732535)\n\n - patches.xen/xen-pcpu-hotplug: Fix a double kfree().\n\n - ixgbe: fix bug with vlan strip in promsic mode\n (bnc#687049, fate#311821).\n\n - ixgbe: fix panic when shutting down system with WoL\n enabled.\n\n - fnic: Allow users to modify dev_loss_tmo setting.\n (bnc#719786)\n\n - x86, intel: Do not mark sched_clock() as stable.\n (bnc#725709)\n\n - ALSA: hda - Keep vref-LED during power-saving on IDT\n codecs. (bnc#731981)\n\n - cifs: Assume passwords are encoded according to\n iocharset. 
(bnc#731035)\n\n - scsi_dh: Check queuedata pointer before proceeding.\n (bnc#714744)\n\n - netback: use correct index for invalidation in\n netbk_tx_check_mop().\n\n - ACPI video: introduce module parameter\n video.use_bios_initial_backlight. (bnc#731229)\n\n - SUNRPC: prevent task_cleanup running on freed xprt.\n (bnc#709671)\n\n - add device entry for Broadcom Valentine combo card.\n (bnc#722429)\n\n - quota: Fix WARN_ON in lookup_one_len. (bnc#728626)\n\n - Update Xen patches to 2.6.32.48.\n\n - pv-on-hvm/kexec: add xs_reset_watches to shutdown\n watches from old kernel. (bnc#694863)\n\n - x86: undo_limit_pages() must reset page count.\n\n - mm/vmstat.c: cache align vm_stat. (bnc#729721)\n\n - s390/ccwgroup: fix uevent vs dev attrs race\n (bnc#659101,LTC#69028).\n\n - Warn on pagecache limit usage (FATE309111).\n\n - SCSI: st: fix race in st_scsi_execute_end. (bnc#720536)\n\n - ACPI: introduce 'acpi_rsdp=' parameter for kdump.\n (bnc#717263)\n\n - elousb: Limit the workaround warning to one per error,\n control workaround activity. (bnc#719916)\n\n - SCSI: libiscsi: reset cmd timer if cmds are making\n progress. (bnc#691440)\n\n - SCSI: fix crash in scsi_dispatch_cmd(). (bnc#724989)\n\n - NFS/sunrpc: do not use a credential with extra groups.\n (bnc#725878)\n\n - s390/qdio: EQBS retry after CCQ 96\n (bnc#725453,LTC#76117).\n\n - fcoe: Reduce max_sectors to 1024. (bnc#695898)\n\n - apparmor: return -ENOENT when there is no profile for a\n hat. (bnc#725502)\n\n - sched, cgroups: disallow attaching kthreadd.\n (bnc#721840)\n\n - nfs: Check validity of cl_rpcclient in\n nfs_server_list_show. (bnc#717884)\n\n - x86, vt-d: enable x2apic opt out (disabling x2apic\n through BIOS flag) (bnc#701183, fate#311989).\n\n - block: Free queue resources at blk_release_queue().\n (bnc#723815)\n\n - ALSA: hda - Add post_suspend patch ops. 
(bnc#724800)\n\n - ALSA: hda - Allow codec-specific set_power_state ops.\n (bnc#724800)\n\n - ALSA: hda - Add support for vref-out based mute LED\n control on IDT codecs. (bnc#724800)\n\n - scsi_dh_rdac : Add definitions for different RDAC\n operating modes. (bnc#724365)\n\n - scsi_dh_rdac : Detect the different RDAC operating\n modes. (bnc#724365)\n\n - scsi_dh_rdac : decide whether to send mode select based\n on operating mode. (bnc#724365)\n\n - scsi_dh_rdac: Use WWID from C8 page instead of Subsystem\n id from C4 page to identify storage. (bnc#724365)\n\n - vlan: Match underlying dev carrier on vlan add.\n (bnc#722504)\n\n - scsi_lib: pause between error retries. (bnc#675127)\n\n - xfs: use KM_NOFS for allocations during attribute list\n operations. (bnc#721830)\n\n - bootsplash: Do not crash when no fb is set. (bnc#723542)\n\n - cifs: do not allow cifs_iget to match inodes of the\n wrong type. (bnc#711501)\n\n - cifs: fix noserverino handling when 1 extensions are\n enabled. (bnc#711501)\n\n - cifs: reduce false positives with inode aliasing\n serverino autodisable. (bnc#711501)\n\n - parport_pc: release IO region properly if unsupported\n ITE887x card is found. (bnc#721464)\n\n - writeback: avoid unnecessary calculation of bdi dirty\n thresholds. (bnc#721299)\n\n - 1: Fix bogus it_blocksize in VIO iommu code.\n (bnc#717690)\n\n - ext4: Fix max file size and logical block counting of\n extent format file. (bnc#706374)\n\n - novfs: Unable to change password in the Novell Client\n for Linux. 
(bnc#713229)\n\n - xfs: add more ilock tracing.\n\n - sched: move wakeup tracepoint above out_running.\n (bnc#712002)\n\n - config.conf: Build KMPs for the -trace flavor as well\n (fate#312759, bnc#712404, bnc#712405, bnc#721337).\n\n - memsw: remove noswapaccount kernel parameter.\n (bnc#719450)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=659101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=675127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=687049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=691440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=694863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=695898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=699709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=701183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=707288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=709671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=711501\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=711539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=717263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=717690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=717884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=719450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=719786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=719916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=720536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721464\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=721840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=722504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=723542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=723815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=724365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=724800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=724989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=725453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=725502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=725709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=725878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=728626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=729111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=729721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=731035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=731229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=731673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=731981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1478.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1576.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1833.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2203.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2699.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4326.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4330.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 5493 / 5510 / 5511 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) 
|| release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-default-0_2.6.32.49_0.3-0.3.66\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-pae-0_2.6.32.49_0.3-0.3.66\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-xen-0_2.6.32.49_0.3-0.3.66\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-default-0_2.6.32.49_0.3-0.14.17\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-pae-0_2.6.32.49_0.3-0.14.17\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-base-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-devel-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-default-extra-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-desktop-devel-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-base-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.49-0.3.1\")) flag++;\nif 
(rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-extra-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-source-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-syms-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-trace-devel-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-extra-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-default-0_2.6.32.49_0.3-0.3.66\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-xen-0_2.6.32.49_0.3-0.3.66\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"hyper-v-kmp-default-0_2.6.32.49_0.3-0.14.17\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-base-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-devel-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-default-extra-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-desktop-devel-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-source-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", 
reference:\"kernel-syms-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-trace-devel-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-extra-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"btrfs-kmp-default-0_2.6.32.49_0.3-0.3.66\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"ext4dev-kmp-default-0_2.6.32.49_0.3-7.9.33\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"ext4dev-kmp-trace-0_2.6.32.49_0.3-7.9.33\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-default-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-default-base-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-default-devel-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-source-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-syms-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-trace-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-trace-base-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"kernel-trace-devel-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-pae-0_2.6.32.49_0.3-0.3.66\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"btrfs-kmp-xen-0_2.6.32.49_0.3-0.3.66\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, 
cpu:\"i586\", reference:\"ext4dev-kmp-pae-0_2.6.32.49_0.3-7.9.33\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"ext4dev-kmp-xen-0_2.6.32.49_0.3-7.9.33\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-default-0_2.6.32.49_0.3-0.14.17\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-pae-0_2.6.32.49_0.3-0.14.17\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"hyper-v-kmp-trace-0_2.6.32.49_0.3-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-ec2-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-ec2-base-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-base-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-pae-devel-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-base-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"kernel-xen-devel-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"kernel-default-man-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"btrfs-kmp-xen-0_2.6.32.49_0.3-0.3.66\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"ext4dev-kmp-xen-0_2.6.32.49_0.3-7.9.33\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"hyper-v-kmp-default-0_2.6.32.49_0.3-0.14.17\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", 
reference:\"hyper-v-kmp-trace-0_2.6.32.49_0.3-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-ec2-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-ec2-base-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-base-2.6.32.49-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.32.49-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:59:52", "description": "Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. 
If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nThe performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)\n\nTimo Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nGideon Naim discovered a flaw in the Linux kernel's handling of VLAN 0 frames. An attacker on the local network could exploit this flaw to cause a denial of service. (CVE-2011-3593)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-09-30T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1219-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1576", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2699", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-3191", "CVE-2011-3593"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1219-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56344", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1219-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56344);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-3191\", \"CVE-2011-3593\");\n script_bugtraq_id(47796, 48472, 48802, 48907, 49108, 49256, 49295);\n script_xref(name:\"USN\", value:\"1219-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1219-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\npackets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\ncorrectly check the origin of mount points. A local attacker could\nexploit this to trick the system into unmounting arbitrary mount\npoints, leading to a denial of service. (CVE-2011-1833)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. 
A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment\nidentification numbers. A remote attacker could exploit this to\nexhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not\ncorrectly check the length of memory copies. If this hardware was\navailable, a local attacker could exploit this to crash the system or\ngain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nThe performance counter subsystem did not correctly handle certain\ncounters. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2918)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code as\nthe root user. (CVE-2011-3191)\n\nGideon Naim discovered a flaw in the Linux kernel's handling VLAN 0\nframes. An attacker on the local network could exploit this flaw to\ncause a denial of service. (CVE-2011-3593).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1219-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-3191\", \"CVE-2011-3593\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1219-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-30-generic\", pkgver:\"2.6.35-30.60~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-30-generic-pae\", pkgver:\"2.6.35-30.60~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-30-server\", pkgver:\"2.6.35-30.60~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-30-virtual\", pkgver:\"2.6.35-30.60~lucid1\")) 
flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:46", "description": "Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. 
If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nThe performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)\n\nTimo Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nGideon Naim discovered a flaw in the Linux kernel's handling of VLAN 0 frames. An attacker on the local network could exploit this flaw to cause a denial of service. (CVE-2011-3593)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-12T00:00:00", "type": "nessus", "title": "Ubuntu 10.10 : linux vulnerabilities (USN-1227-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1576", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2699", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-3191", "CVE-2011-3593"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1227-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56466", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1227-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56466);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-3191\", \"CVE-2011-3593\");\n script_bugtraq_id(47796, 48333, 48472, 48802, 48804, 48907, 48929, 49108, 49152, 49256, 49295);\n script_xref(name:\"USN\", value:\"1227-1\");\n\n script_name(english:\"Ubuntu 10.10 : linux vulnerabilities (USN-1227-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\npackets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\ncorrectly check the origin of mount points. A local attacker could\nexploit this to trick the system into unmounting arbitrary mount\npoints, leading to a denial of service. (CVE-2011-1833)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. 
A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment\nidentification numbers. A remote attacker could exploit this to\nexhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not\ncorrectly check the length of memory copies. If this hardware was\navailable, a local attacker could exploit this to crash the system or\ngain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nThe performance counter subsystem did not correctly handle certain\ncounters. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2918)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code as\nthe root user. (CVE-2011-3191)\n\nGideon Naim discovered a flaw in the Linux kernel's handling VLAN 0\nframes. An attacker on the local network could exploit this flaw to\ncause a denial of service. (CVE-2011-3593).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1227-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-3191\", \"CVE-2011-3593\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1227-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-30-generic\", pkgver:\"2.6.35-30.60\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-30-generic-pae\", pkgver:\"2.6.35-30.60\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-30-server\", pkgver:\"2.6.35-30.60\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-30-versatile\", pkgver:\"2.6.35-30.60\")) flag++;\nif 
(ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-30-virtual\", pkgver:\"2.6.35-30.60\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:56:23", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-4067 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald module, a driver for Auerswald PBX/System Telephone USB devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device.\n\n - CVE-2011-0712 Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq module, a USB driver for Native Instruments USB audio devices. Attackers with physical access to a system's USB ports could obtain elevated privileges using a specially crafted USB device.\n\n - CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary.\n\n - CVE-2011-2209 Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the alpha architecture. Local users could obtain access to sensitive kernel memory.\n\n - CVE-2011-2211 Dan Rosenberg discovered an issue in the osf_wait4() system call on the alpha architecture permitting local users to gain elevated privileges.\n\n - CVE-2011-2213 Dan Rosenberg discovered an issue in the INET socket monitoring interface. 
Local users could cause a denial of service by injecting code and causing the kernel to execute an infinite loop.\n\n - CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (CPU time and memory).\n\n - CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. A malicious NFS server can cause a client to hang indefinitely in an unlock call.\n\n - CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory.\n\n - CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths.\n\n - CVE-2011-2496 Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert.\n\n - CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation.\n\n - CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message.\n\n - CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted.\n\n - CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session.\n\n - CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System (CIFS). 
A malicious file server could cause memory corruption leading to a denial of service.\n\nThis update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian bug #633738).", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-09-26T00:00:00", "type": "nessus", "title": "Debian DSA-2310-1 : linux-2.6 - privilege escalation/denial of service/information leak", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4067", "CVE-2011-0712", "CVE-2011-1020", "CVE-2011-1768", "CVE-2011-2209", "CVE-2011-2211", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2525", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2310.NASL", "href": "https://www.tenable.com/plugins/nessus/56285", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2310. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56285);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-0712\", \"CVE-2011-1020\", \"CVE-2011-2209\", \"CVE-2011-2211\", \"CVE-2011-2213\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2525\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_bugtraq_id(46419, 46567, 47321, 48254, 48333, 48383, 48441, 48472, 48641, 48687, 49141, 49256, 49289, 49295, 49408);\n script_xref(name:\"DSA\", value:\"2310\");\n\n script_name(english:\"Debian DSA-2310-1 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleak. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems :\n\n - CVE-2009-4067\n Rafael Dominguez Vega of MWR InfoSecurity reported an\n issue in the auerswald module, a driver for Auerswald\n PBX/System Telephone USB devices. Attackers with\n physical access to a system's USB ports could obtain\n elevated privileges using a specially crafted USB\n device.\n\n - CVE-2011-0712\n Rafael Dominguez Vega of MWR InfoSecurity reported an\n issue in the caiaq module, a USB driver for Native\n Instruments USB audio devices. 
Attackers with physical\n access to a system's USB ports could obtain elevated\n privileges using a specially crafted USB device.\n\n - CVE-2011-1020\n Kees Cook discovered an issue in the /proc filesystem\n that allows local users to gain access to sensitive\n process information after execution of a setuid binary.\n\n - CVE-2011-2209\n Dan Rosenberg discovered an issue in the osf_sysinfo()\n system call on the alpha architecture. Local users could\n obtain access to sensitive kernel memory.\n\n - CVE-2011-2211\n Dan Rosenberg discovered an issue in the osf_wait4()\n system call on the alpha architecture permitting local\n users to gain elevated privileges.\n\n - CVE-2011-2213\n Dan Rosenberg discovered an issue in the INET socket\n monitoring interface. Local users could cause a denial\n of service by injecting code and causing the kernel to\n execute an infinite loop.\n\n - CVE-2011-2484\n Vasiliy Kulikov of Openwall discovered that the number\n of exit handlers that a process can register is not\n capped, resulting in local denial of service through\n resource exhaustion (CPU time and memory).\n\n - CVE-2011-2491\n Vasily Averin discovered an issue with the NFS locking\n implementation. 
A malicious NFS server can cause a\n client to hang indefinitely in an unlock call.\n\n - CVE-2011-2492\n Marek Kroemeke and Filip Palian discovered that\n uninitialized struct elements in the Bluetooth subsystem\n could lead to a leak of sensitive kernel memory through\n leaked stack memory.\n\n - CVE-2011-2495\n Vasiliy Kulikov of Openwall discovered that the io file\n of a process' proc directory was world-readable,\n resulting in local information disclosure of information\n such as password lengths.\n\n - CVE-2011-2496\n Robert Swiecki discovered that mremap() could be abused\n for local denial of service by triggering a BUG_ON\n assert.\n\n - CVE-2011-2497\n Dan Rosenberg discovered an integer underflow in the\n Bluetooth subsystem, which could lead to denial of\n service or privilege escalation.\n\n - CVE-2011-2525\n Ben Pfaff reported an issue in the network scheduling\n code. A local user could cause a denial of service (NULL\n pointer dereference) by sending a specially crafted\n netlink message.\n\n - CVE-2011-2928\n Timo Warns discovered that insufficient validation of Be\n filesystem images could lead to local denial of service\n if a malformed filesystem image is mounted.\n\n - CVE-2011-3188\n Dan Kaminsky reported a weakness of the sequence number\n generation in the TCP protocol implementation. This can\n be used by remote attackers to inject packets into an\n active session.\n\n - CVE-2011-3191\n Darren Lavender reported an issue in the Common Internet\n File System (CIFS). 
A malicious file server could cause\n memory corruption leading to a denial of service.\n\nThis update also includes a fix for a regression introduced with the\nprevious security fix for CVE-2011-1768 (Debian bug #633738).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-4067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-0712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2525\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2310\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages. These updates will\nnot become active until after the system is rebooted.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny4. Updates for arm and alpha are not yet\navailable, but will be released as soon as possible. Updates for the\nhppa and ia64 architectures will be included in the upcoming 5.0.9\npoint release.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 5.0 (lenny) \n user-mode-linux 2.6.26-1um-2+26lenny4 \nNote: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. 
Rather, they will be\nreleased in a staggered or 'leap-frog' fashion.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"linux-base\", reference:\"2.6.26-26lenny4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:45", "description": "Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. 
(CVE-2011-2497)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nTime Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)", "cvss3": {"score": null, "vector": null}, "published": "2011-09-30T00:00:00", "type": "nessus", "title": "USN-1220-1 : linux-ti-omap4 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1576", "CVE-2011-1776", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1220-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56345", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1220-1. 
It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56345);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_xref(name:\"USN\", value:\"1220-1\");\n\n script_name(english:\"USN-1220-1 : linux-ti-omap4 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"Ryan Sweat discovered that the kernel incorrectly handled certain\nVLAN packets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. 
(CVE-2011-2497)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not\ncorrectly check the length of memory copies. If this hardware was\navailable, a local attacker could exploit this to crash the system or\ngain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nTime Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code\nas the root user. (CVE-2011-3191)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1220-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/29\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2011/09/30\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. 
/ NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-903-omap4\", pkgver:\"2.6.35-903.25\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:38", "description": "It was discovered that the Auerswald usb driver incorrectly handled lengths of the USB string descriptors. A local attacker with physical access could insert a specially crafted USB device and gain root privileges. (CVE-2009-4067)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. 
An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2011-10-21T00:00:00", "type": "nessus", "title": "Ubuntu 8.04 LTS : linux vulnerabilities (USN-1236-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4067", "CVE-2011-1573", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-3188"], "modified": "2020-02-13T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-1236-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56583", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1236-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56583);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2020/02/13\");\n\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1573\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-3188\");\n script_bugtraq_id(47308, 48687, 49289, 49408);\n script_xref(name:\"USN\", value:\"1236-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS : linux vulnerabilities (USN-1236-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the Auerswald usb driver incorrectly handled\nlengths of the USB string descriptors. A local attacker with physical\naccess could insert a specially crafted USB device and gain root\nprivileges. (CVE-2009-4067)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP)\nimplementation incorrectly calculated lengths. If the\nnet.sctp.addip_enable variable was turned on, a remote attacker could\nsend specially crafted traffic to crash the system. (CVE-2011-1573)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. 
(CVE-2011-3188).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1236-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpiacompat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-xen\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2020 Canonical, Inc. / NASL script (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2009-4067\", \"CVE-2011-1573\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-3188\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1236-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-386\", pkgver:\"2.6.24-29.95\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-generic\", pkgver:\"2.6.24-29.95\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-lpia\", pkgver:\"2.6.24-29.95\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-lpiacompat\", pkgver:\"2.6.24-29.95\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-openvz\", pkgver:\"2.6.24-29.95\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-rt\", pkgver:\"2.6.24-29.95\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-server\", pkgver:\"2.6.24-29.95\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-virtual\", pkgver:\"2.6.24-29.95\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"linux-image-2.6.24-29-xen\", pkgver:\"2.6.24-29.95\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-386 / linux-image-2.6-generic / etc\");\n}\n", 
"cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:38", "description": "It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nVasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. 
A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nChristian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nTimo Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. 
(CVE-2011-3363)", "cvss3": {"score": null, "vector": null}, "published": "2011-10-26T00:00:00", "type": "nessus", "title": "USN-1241-1 : linux-fsl-imx51 vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1776", "CVE-2011-2213", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2695", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3363"], "modified": "2016-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux"], "id": "UBUNTU_USN-1241-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56640", "sourceData": "# This script was automatically generated from Ubuntu Security\n# Notice USN-1241-1. It is released under the Nessus Script \n# Licence.\n#\n# Ubuntu Security Notices are (C) Canonical, Inc.\n# See http://www.ubuntu.com/usn/\n# Ubuntu(R) is a registered trademark of Canonical, Inc.\n\nif (!defined_func(\"bn_random\")) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56640);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2016/12/01 20:56:51 $\");\n\n script_cve_id(\"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2695\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3363\");\n script_xref(name:\"USN\", value:\"1241-1\");\n\n script_name(english:\"USN-1241-1 : linux-fsl-imx51 vulnerabilities\");\n script_summary(english:\"Checks dpkg output for updated package(s)\");\n\n script_set_attribute(attribute:\"synopsis\", value: \n\"The remote Ubuntu host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the Stream Control 
Transmission Protocol\n(SCTP) implementation incorrectly calculated lengths. If the\nnet.sctp.addip_enable variable was turned on, a remote attacker could\nsend specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain\nVLAN packets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nVasiliy Kulikov discovered that taskstats did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2494)\n\nVasiliy Kulikov discovered that /proc/PID/io did not enforce access\nrestrictions. A local attacker could exploit this to read certain\ninformation, leading to a loss of privacy. (CVE-2011-2495)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. 
(CVE-2011-2517)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nChristian Ohm discovered that the perf command looks for\nconfiguration files in the current directory. If a privileged user\nwere tricked into running perf in a directory containing a malicious\nconfiguration file, an attacker could run arbitrary commands and\npossibly gain privileges. (CVE-2011-2905)\n\nVasiliy Kulikov discovered that the Comedi driver did not correctly\nclear memory. A local attacker could exploit this to read kernel\nstack memory, leading to a loss of privacy. (CVE-2011-2909)\n\nTimo Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code\nas the root user. (CVE-2011-3191)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that\nhad no prefixpaths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. 
(CVE-2011-3363)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ubuntu.com/usn/usn-1241-1/\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package(s).\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/25\");\n\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/26\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(\"Ubuntu Security Notice (C) 2011 Canonical, Inc. / NASL script (C) 2011-2016 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude(\"ubuntu.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/Ubuntu/release\")) exit(0, \"The host is not running Ubuntu.\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) exit(1, \"Could not obtain the list of installed packages.\");\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.31-611-imx51\", pkgver:\"2.6.31-611.29\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:ubuntu_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:26", "description": "It was discovered that CIFS incorrectly handled authentication. 
When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nAndrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-26T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1278-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1585", "CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1278-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56946", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1278-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56946);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n script_bugtraq_id(47381);\n script_xref(name:\"USN\", value:\"1278-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1278-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that CIFS incorrectly handled authentication. 
When a\nuser had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nAndrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1278-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1278-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-generic\", pkgver:\"2.6.35-31.62~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-generic-pae\", pkgver:\"2.6.35-31.62~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-server\", pkgver:\"2.6.35-31.62~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.35-31-virtual\", pkgver:\"2.6.35-31.62~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:23", "description": "It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nAndrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-22T00:00:00", "type": "nessus", "title": "Ubuntu 10.10 : linux vulnerabilities (USN-1272-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1585", "CVE-2011-2183", "CVE-2011-2491", "CVE-2011-2496", "CVE-2011-2517"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1272-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56914", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1272-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56914);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n script_bugtraq_id(48101, 48538);\n script_xref(name:\"USN\", value:\"1272-1\");\n\n script_name(english:\"Ubuntu 10.10 : linux vulnerabilities (USN-1272-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that CIFS incorrectly handled authentication. 
When a\nuser had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nAndrea Righi discovered a race condition in the KSM memory merging\nsupport. If KSM was being used, a local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2183)\n\nVasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\nhandled unlock requests. A local attacker could exploit this to cause\na denial of service. (CVE-2011-2491)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nIt was discovered that the wireless stack incorrectly verified SSID\nlengths. A local attacker could exploit this to cause a denial of\nservice or gain root privileges. (CVE-2011-2517).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1272-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2011-1585\", \"CVE-2011-2183\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2517\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1272-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-generic\", pkgver:\"2.6.35-31.62\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-generic-pae\", pkgver:\"2.6.35-31.62\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-server\", pkgver:\"2.6.35-31.62\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-versatile\", pkgver:\"2.6.35-31.62\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"linux-image-2.6.35-31-virtual\", pkgver:\"2.6.35-31.62\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n 
port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:21", "description": "The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs and security issues.\n\nFollowing security issues have been fixed: CVE-2011-1833: Added a kernel option to ensure ecryptfs is mounting only on paths belonging to the current ui, which would have allowed local attackers to potentially gain privileges via symlink attacks.\n\nCVE-2011-2695: Multiple off-by-one errors in the ext4 subsystem in the Linux kernel allowed local users to cause a denial of service (BUG_ON and system crash) by accessing a sparse file in extent format with a write operation involving a block number corresponding to the largest possible 32-bit unsigned integer.\n\nCVE-2011-3363: Always check the path in CIFS mounts to avoid interesting filesystem path interaction issues and potential crashes.\n\nCVE-2011-2918: In the perf framework software event overflows could deadlock or delete an uninitialized timer.\n\nCVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not check the length of the write so the message processing could overrun and result in a BUG_ON() in fuse_copy_fill(). 
This flaw could be used by local users able to mount FUSE filesystems to crash the system.\n\nCVE-2011-2183: Fixed a race between ksmd and other memory management code, which could result in a NULL ptr dereference and kernel crash.\n\nCVE-2011-3191: A signedness issue in CIFS could possibly have led to memory corruption, if a malicious server could send crafted replies to the host.\n\nCVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel did not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allowed physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.\n\nFollowing non-security bugs were fixed :\n\n - novfs: Unable to change password in the Novell Client for Linux (bnc#713229).\n\n - novfs: last modification time not reliable (bnc#642896).\n\n - novfs: unlink directory after unmap (bnc#649625).\n\n - fs: novfs: Fix exit handlers on local_unlink (bnc#649625).\n\n - novfs: 'Unable to save Login Script' appears when trying to save a user login script (bnc#638985).\n\n - fs: novfs: Limit check for datacopy between user and kernel space.\n\n - novfs: Fix checking of login id (bnc#626119).\n\n - novfs: Set the sticky bit for the novfs mountpoint (bnc#686412).\n\n - ACPICA: Fix issues/fault with automatic 'serialized' method support (bnc#678097).\n\n - drm/radeon/kms: Fix I2C mask definitions (bnc#712023).\n\n - ext4: Fix max file size and logical block counting of extent format file (bnc#706374).\n\n - novfs: fix off-by-one allocation error (bnc#669378 bnc#719710).\n\n - novfs: fix some kmalloc/kfree issues (bnc#669378 bnc#719710).\n\n - novfs: fix some DirCache locking issues (bnc#669378 bnc#719710).\n\n - memsw: remove noswapaccount kernel parameter (bnc#719450).\n\n - Provide memory controller swap 
extension. Keep the feature disabled by default. Use swapaccount=1 kernel boot parameter for enabling it.\n\n - Config cleanups: CONFIG_OLPC should be enabled only for i386 non PAE\n\n - TTY: pty, fix pty counting (bnc#711203).\n\n - USB: OHCI: fix another regression for NVIDIA controllers (bnc#682204).\n\n - xen/blkfront: avoid NULL de-reference in CDROM ioctl handling.\n\n - x86, mtrr: lock stop machine during MTRR rendezvous sequence (bnc#672008).", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (openSUSE-SU-2011:1222-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1577", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2183", "CVE-2011-2695", "CVE-2011-2918", "CVE-2011-3191", "CVE-2011-3353", "CVE-2011-3363"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", 
"p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vmi", "p-cpe:/a:novell:opensuse:kernel-vmi-base", "p-cpe:/a:novell:opensuse:kernel-vmi-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vmi-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vmi-debugsource", "p-cpe:/a:novell:opensuse:kernel-vmi-devel", "p-cpe:/a:novell:opensuse:kernel-vmi-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen", 
"p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "p-cpe:/a:novell:opensuse:preload-kmp-default", "p-cpe:/a:novell:opensuse:preload-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:preload-kmp-desktop", "p-cpe:/a:novell:opensuse:preload-kmp-desktop-debuginfo", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_KERNEL-111026.NASL", "href": "https://www.tenable.com/plugins/nessus/75881", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update kernel-5359.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75881);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1577\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2183\", \"CVE-2011-2695\", \"CVE-2011-2918\", \"CVE-2011-3191\", \"CVE-2011-3353\", \"CVE-2011-3363\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2011:1222-1)\");\n script_summary(english:\"Check for the kernel-5359 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs\nand security issues.\n\nFollowing security issues have been fixed: CVE-2011-1833: Added a\nkernel option to ensure ecryptfs is mounting only on paths belonging\nto the current ui, which would have allowed local attackers to\npotentially gain privileges via symlink 
attacks.\n\nCVE-2011-2695: Multiple off-by-one errors in the ext4 subsystem in the\nLinux kernel allowed local users to cause a denial of service (BUG_ON\nand system crash) by accessing a sparse file in extent format with a\nwrite operation involving a block number corresponding to the largest\npossible 32-bit unsigned integer.\n\nCVE-2011-3363: Always check the path in CIFS mounts to avoid\ninteresting filesystem path interaction issues and potential crashes.\n\nCVE-2011-2918: In the perf framework software event overflows could\ndeadlock or delete an uninitialized timer.\n\nCVE-2011-3353: In the fuse filesystem, FUSE_NOTIFY_INVAL_ENTRY did not\ncheck the length of the write so the message processing could overrun\nand result in a BUG_ON() in fuse_copy_fill(). This flaw could be used\nby local users able to mount FUSE filesystems to crash the system.\n\nCVE-2011-2183: Fixed a race between ksmd and other memory management\ncode, which could result in a NULL ptr dereference and kernel crash.\n\nCVE-2011-3191: A signedness issue in CIFS could possibly have lead to\nto memory corruption, if a malicious server could send crafted replies\nto the host.\n\nCVE-2011-1776: The is_gpt_valid function in fs/partitions/efi.c in the\nLinux kernel did not check the size of an Extensible Firmware\nInterface (EFI) GUID Partition Table (GPT) entry, which allowed\nphysically proximate attackers to cause a denial of service\n(heap-based buffer overflow and OOPS) or obtain sensitive information\nfrom kernel heap memory by connecting a crafted GPT storage device, a\ndifferent vulnerability than CVE-2011-1577.\n\nFollowing non-security bugs were fixed :\n\n - novfs: Unable to change password in the Novell Client\n for Linux (bnc#713229).\n\n - novfs: last modification time not reliable (bnc#642896).\n\n - novfs: unlink directory after unmap (bnc#649625).\n\n - fs: novfs: Fix exit handlers on local_unlink\n (bnc#649625).\n\n - novfs: 'Unable to save Login Script' appears when trying\n to 
save a user login script (bnc#638985).\n\n - fs: novfs: Limit check for datacopy between user and\n kernel space.\n\n - novfs: Fix checking of login id (bnc#626119).\n\n - novfs: Set the sticky bit for the novfs mountpoint\n (bnc#686412).\n\n - ACPICA: Fix issues/fault with automatic 'serialized'\n method support (bnc#678097).\n\n - drm/radeon/kms: Fix I2C mask definitions (bnc#712023).\n\n - ext4: Fix max file size and logical block counting of\n extent format file (bnc#706374).\n\n - novfs: fix off-by-one allocation error (bnc#669378\n bnc#719710).\n\n - novfs: fix some kmalloc/kfree issues (bnc#669378\n bnc#719710).\n\n - novfs: fix some DirCache locking issues (bnc#669378\n bnc#719710).\n\n - memsw: remove noswapaccount kernel parameter\n (bnc#719450).\n\n - Provide memory controller swap extension. Keep the\n feature disabled by default. Use swapaccount=1 kernel\n boot parameter for enabling it.\n\n - Config cleanups: CONFIG_OLPC should be enabled only for\n i386 non PAE\n\n - TTY: pty, fix pty counting (bnc#711203).\n\n - USB: OHCI: fix another regression for NVIDIA controllers\n (bnc#682204).\n\n - xen/blkfront: avoid NULL de-reference in CDROM ioctl\n handling.\n\n - x86, mtrr: lock stop machine during MTRR rendezvous\n sequence (bnc#672008).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=626119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=638985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=649625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=672008\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=678097\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=682204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=686412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=697901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=711203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=711539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=712366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=713229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=714001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=716901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=718028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=719450\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=719710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-base-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-base-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-debugsource-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-devel-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-debug-devel-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", 
reference:\"kernel-default-base-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-base-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-debugsource-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-devel-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-default-devel-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-base-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-base-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-debugsource-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-devel-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-desktop-devel-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-devel-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-base-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-base-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-debugsource-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-devel-2.6.37.6-0.9.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-devel-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-extra-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-ec2-extra-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-base-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-base-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-debugsource-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-devel-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-pae-devel-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-source-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-source-vanilla-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-syms-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-base-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-base-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-debugsource-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-devel-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-trace-devel-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-base-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-base-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-debugsource-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-devel-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vanilla-devel-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-base-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-base-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-debugsource-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-devel-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-vmi-devel-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-base-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-base-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-debugsource-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-devel-2.6.37.6-0.9.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", reference:\"kernel-xen-devel-debuginfo-2.6.37.6-0.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"preload-kmp-default-1.2_k2.6.37.6_0.9-6.7.20\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"preload-kmp-default-debuginfo-1.2_k2.6.37.6_0.9-6.7.20\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"preload-kmp-desktop-1.2_k2.6.37.6_0.9-6.7.20\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"preload-kmp-desktop-debuginfo-1.2_k2.6.37.6_0.9-6.7.20\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:56:12", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2011-1020 Kees Cook discovered an issue in the /proc filesystem that allows local users to gain access to sensitive process information after execution of a setuid binary.\n\n - CVE-2011-1576 Ryan Sweat discovered an issue in the VLAN implementation. Local users may be able to cause a kernel memory leak, resulting in a denial of service.\n\n - CVE-2011-2484 Vasiliy Kulikov of Openwall discovered that the number of exit handlers that a process can register is not capped, resulting in local denial of service through resource exhaustion (CPU time and memory).\n\n - CVE-2011-2491 Vasily Averin discovered an issue with the NFS locking implementation. 
A malicious NFS server can cause a client to hang indefinitely in an unlock call.\n\n - CVE-2011-2492 Marek Kroemeke and Filip Palian discovered that uninitialized struct elements in the Bluetooth subsystem could lead to a leak of sensitive kernel memory through leaked stack memory.\n\n - CVE-2011-2495 Vasiliy Kulikov of Openwall discovered that the io file of a process' proc directory was world-readable, resulting in local information disclosure of information such as password lengths.\n\n - CVE-2011-2496 Robert Swiecki discovered that mremap() could be abused for local denial of service by triggering a BUG_ON assert.\n\n - CVE-2011-2497 Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem, which could lead to denial of service or privilege escalation.\n\n - CVE-2011-2517 It was discovered that the netlink-based wireless configuration interface performed insufficient length validation when parsing SSIDs, resulting in buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a denial of service.\n\n - CVE-2011-2525 Ben Pfaff reported an issue in the network scheduling code. A local user could cause a denial of service (NULL pointer dereference) by sending a specially crafted netlink message.\n\n - CVE-2011-2700 Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the driver for the Si4713 FM Radio Transmitter driver used by N900 devices. Local users could exploit this issue to cause a denial of service or potentially gain elevated privileges.\n\n - CVE-2011-2723 Brent Meshier reported an issue in the GRO (generic receive offload) implementation. This can be exploited by remote users to create a denial of service (system crash) in certain network device configurations.\n\n - CVE-2011-2905 Christian Ohm discovered that the 'perf' analysis tool searches for its config files in the current working directory. 
This could lead to denial of service or potential privilege escalation if a user with elevated privileges is tricked into running 'perf' in a directory under the control of the attacker.\n\n - CVE-2011-2909 Vasiliy Kulikov of Openwall discovered that a programming error in the Comedi driver could lead to the information disclosure through leaked stack memory.\n\n - CVE-2011-2918 Vince Weaver discovered that incorrect handling of software event overflows in the 'perf' analysis tool could lead to local denial of service.\n\n - CVE-2011-2928 Timo Warns discovered that insufficient validation of Be filesystem images could lead to local denial of service if a malformed filesystem image is mounted.\n\n - CVE-2011-3188 Dan Kaminsky reported a weakness of the sequence number generation in the TCP protocol implementation. This can be used by remote attackers to inject packets into an active session.\n\n - CVE-2011-3191 Darren Lavender reported an issue in the Common Internet File System (CIFS). A malicious file server could cause memory corruption leading to a denial of service.\n\nThis update also includes a fix for a regression introduced with the previous security fix for CVE-2011-1768 (Debian bug #633738).", "cvss3": {"score": null, "vector": null}, "published": "2011-09-09T00:00:00", "type": "nessus", "title": "Debian DSA-2303-2 : linux-2.6 - privilege escalation/denial of service/information leak", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1020", "CVE-2011-1576", "CVE-2011-1768", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-3188", "CVE-2011-3191"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-2.6", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DSA-2303.NASL", "href": 
"https://www.tenable.com/plugins/nessus/56130", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2303. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56130);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1020\", \"CVE-2011-1576\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_bugtraq_id(46567, 47321, 48383, 48441, 48472, 48538, 48641, 48804, 48907, 48929, 49140, 49141, 49152, 49256, 49289, 49295, 49408, 49411);\n script_xref(name:\"DSA\", value:\"2303\");\n\n script_name(english:\"Debian DSA-2303-2 : linux-2.6 - privilege escalation/denial of service/information leak\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems :\n\n - CVE-2011-1020\n Kees Cook discovered an issue in the /proc filesystem\n that allows local users to gain access to sensitive\n process information after execution of a setuid binary.\n\n - CVE-2011-1576\n Ryan Sweat discovered an issue in the VLAN\n implementation. 
Local users may be able to cause a\n kernel memory leak, resulting in a denial of service.\n\n - CVE-2011-2484\n Vasiliy Kulikov of Openwall discovered that the number\n of exit handlers that a process can register is not\n capped, resulting in local denial of service through\n resource exhaustion (CPU time and memory).\n\n - CVE-2011-2491\n Vasily Averin discovered an issue with the NFS locking\n implementation. A malicious NFS server can cause a\n client to hang indefinitely in an unlock call.\n\n - CVE-2011-2492\n Marek Kroemeke and Filip Palian discovered that\n uninitialized struct elements in the Bluetooth subsystem\n could lead to a leak of sensitive kernel memory through\n leaked stack memory.\n\n - CVE-2011-2495\n Vasiliy Kulikov of Openwall discovered that the io file\n of a process' proc directory was world-readable,\n resulting in local information disclosure of information\n such as password lengths.\n\n - CVE-2011-2496\n Robert Swiecki discovered that mremap() could be abused\n for local denial of service by triggering a BUG_ON\n assert.\n\n - CVE-2011-2497\n Dan Rosenberg discovered an integer underflow in the\n Bluetooth subsystem, which could lead to denial of\n service or privilege escalation.\n\n - CVE-2011-2517\n It was discovered that the netlink-based wireless\n configuration interface performed insufficient length\n validation when parsing SSIDs, resulting in buffer\n overflows. Local users with the CAP_NET_ADMIN capability\n can cause a denial of service.\n\n - CVE-2011-2525\n Ben Pfaff reported an issue in the network scheduling\n code. A local user could cause a denial of service (NULL\n pointer dereference) by sending a specially crafted\n netlink message.\n\n - CVE-2011-2700\n Mauro Carvalho Chehab of Red Hat reported a buffer\n overflow issue in the driver for the Si4713 FM Radio\n Transmitter driver used by N900 devices. 
Local users\n could exploit this issue to cause a denial of service or\n potentially gain elevated privileges.\n\n - CVE-2011-2723\n Brent Meshier reported an issue in the GRO (generic\n receive offload) implementation. This can be exploited\n by remote users to create a denial of service (system\n crash) in certain network device configurations.\n\n - CVE-2011-2905\n Christian Ohm discovered that the 'perf' analysis tool\n searches for its config files in the current working\n directory. This could lead to denial of service or\n potential privilege escalation if a user with elevated\n privileges is tricked into running 'perf' in a directory\n under the control of the attacker.\n\n - CVE-2011-2909\n Vasiliy Kulikov of Openwall discovered that a\n programming error in the Comedi driver could lead to the\n information disclosure through leaked stack memory.\n\n - CVE-2011-2918\n Vince Weaver discovered that incorrect handling of\n software event overflows in the 'perf' analysis tool\n could lead to local denial of service.\n\n - CVE-2011-2928\n Timo Warns discovered that insufficient validation of Be\n filesystem images could lead to local denial of service\n if a malformed filesystem image is mounted.\n\n - CVE-2011-3188\n Dan Kaminsky reported a weakness of the sequence number\n generation in the TCP protocol implementation. This can\n be used by remote attackers to inject packets into an\n active session.\n\n - CVE-2011-3191\n Darren Lavender reported an issue in the Common Internet\n File System (CIFS). 
A malicious file server could cause\n memory corruption leading to a denial of service.\n\nThis update also includes a fix for a regression introduced with the\nprevious security fix for CVE-2011-1768 (Debian bug #633738).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2484\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2909\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-2928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-3191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1768\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/linux-2.6\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2303\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux-2.6 and user-mode-linux packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-35squeeze2. 
Updates for issues impacting the oldstable\ndistribution (lenny) will be available soon.\n\nThe following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update :\n\n Debian 6.0 (squeeze) \n user-mode-linux 2.6.32-1um-4+35squeeze2\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-4kc-malta\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-5kc-malta\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-armel\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-headers-2.6.32-5-all-ia64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mips\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-mipsel\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-s390\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-sparc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-iop32x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-itanium\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-ixp4xx\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-kirkwood\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-mckinley\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif 
(deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-orion5x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc-smp\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-powerpc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r4k-ip22\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-r5k-ip32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-s390x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-sparc64-smp\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-versatile\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", 
reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-itanium\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-s390x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-sparc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-486\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-4kc-malta\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-5kc-malta\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-686-bigmem-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-amd64-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-image-2.6.32-5-iop32x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-itanium\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-ixp4xx\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-kirkwood\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-mckinley\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-686-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-openvz-amd64-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-orion5x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc-smp\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-powerpc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r4k-ip22\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-cobalt\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-r5k-ip32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-s390x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", 
prefix:\"linux-image-2.6.32-5-s390x-tape\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1-bcm91250a\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sb1a-bcm91480b\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-sparc64-smp\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-versatile\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-686-bigmem-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-amd64-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-itanium\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-mckinley\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-powerpc64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-s390x\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-vserver-sparc64\", 
reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-686-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-image-2.6.32-5-xen-amd64-dbg\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-libc-dev\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-manual-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-patch-debian-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-source-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-support-2.6.32-5\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-tools-2.6.32\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-686\", reference:\"2.6.32-35squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"xen-linux-system-2.6.32-5-xen-amd64\", reference:\"2.6.32-35squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:30", "description": "This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel.\n\nThe following security issues have been fixed :\n\n - A USB string descriptor overflow in the auerwald USB driver was fixed, which could be used by physically proximate attackers to cause a kernel 
crash.\n (CVE-2009-4067)\n\n - Always check the path in CIFS mounts to avoid interesting filesystem path interaction issues and potential crashes. (CVE-2011-3363)\n\n - A malicious CIFS server could cause a integer overflow on the local machine on directory index operations, in turn causing memory corruption. (CVE-2011-3191)\n\n - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel did not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allowed physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.\n (CVE-2011-1776)\n\nThe following non-security issues have been fixed :\n\n - md: fix deadlock in md/raid1 and md/raid10 when handling a read error. (bnc#628343)\n\n - md: fix possible raid1/raid10 deadlock on read error during resync. (bnc#628343)\n\n - Add timeo parameter to /proc/mounts for nfs filesystems.\n (bnc#616256)\n\n - virtio: indirect ring entries (VIRTIO_RING_F_INDIRECT_DESC). (bnc#713876)\n\n - virtio: teach virtio_has_feature() about transport features. (bnc#713876)\n\n - nf_nat: do not add NAT extension for confirmed conntracks. (bnc#709213)\n\n - 8250: Oxford Semiconductor Devices. (bnc#717126)\n\n - 8250_pci: Add support for the Digi/IBM PCIe 2-port Adapter. (bnc#717126)\n\n - 8250: Fix capabilities when changing the port type.\n (bnc#717126)\n\n - 8250: Add EEH support. (bnc#717126)\n\n - xfs: fix memory reclaim recursion deadlock on locked inode buffer. (bnc#699355 / bnc#699354 / bnc#721830)\n\n - ipmi: do not grab locks in run-to-completion mode.\n (bnc#717421)\n\n - cifs: add fallback in is_path_accessible for old servers. (bnc#718028)\n\n - cciss: do not attempt to read from a write-only register. 
(bnc#683101)\n\n - s390: kernel: System hang if hangcheck timer expires (bnc#712009,LTC#74157).\n\n - s390: kernel: NSS creation with initrd fails (bnc#712009,LTC#74207).\n\n - s390: kernel: remove code to handle topology interrupts (bnc#712009,LTC#74440).\n\n - xen: Added 1083-kbdfront-absolute-coordinates.patch.\n (bnc#717585)\n\n - acpi: Use a spinlock instead of mutex to guard gbl_lock access. (bnc#707439)\n\n - Allow balance_dirty_pages to help other filesystems.\n (bnc#709369)\n\n - nfs: fix congestion control. (bnc#709369)\n\n - NFS: Separate metadata and page cache revalidation mechanisms. (bnc#709369)\n\n - jbd: Fix oops in journal_remove_journal_head().\n (bnc#694315)\n\n - xen/blkfront: avoid NULL de-reference in CDROM ioctl handling. (bnc#701355)\n\n - xen/x86: replace order-based range checking of M2P table by linear one.\n\n - xen/x86: use dynamically adjusted upper bound for contiguous regions. (bnc#635880)\n\n - Fix type in patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is\n -making-progress.\n\n - s390: cio: Add timeouts for internal IO (bnc#701550,LTC#72691).\n\n - s390: kernel: first time swap use results in heavy swapping (bnc#701550,LTC#73132).\n\n - s390: qeth: wrong number of output queues for HiperSockets (bnc#701550,LTC#73814).", "cvss3": {"score": null, "vector": null}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7812)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4067", "CVE-2011-1577", "CVE-2011-1776", "CVE-2011-3191", "CVE-2011-3363"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7812.NASL", "href": "https://www.tenable.com/plugins/nessus/57214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) 
exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57214);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1577\", \"CVE-2011-1776\", \"CVE-2011-3191\", \"CVE-2011-3363\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7812)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Linux kernel update fixes various security issues and bugs in the\nSUSE Linux Enterprise 10 SP4 kernel.\n\nThe following security issues have been fixed :\n\n - A USB string descriptor overflow in the auerwald USB\n driver was fixed, which could be used by physically\n proximate attackers to cause a kernel crash.\n (CVE-2009-4067)\n\n - Always check the path in CIFS mounts to avoid\n interesting filesystem path interaction issues and\n potential crashes. (CVE-2011-3363)\n\n - A malicious CIFS server could cause a integer overflow\n on the local machine on directory index operations, in\n turn causing memory corruption. (CVE-2011-3191)\n\n - The is_gpt_valid function in fs/partitions/efi.c in the\n Linux kernel did not check the size of an Extensible\n Firmware Interface (EFI) GUID Partition Table (GPT)\n entry, which allowed physically proximate attackers to\n cause a denial of service (heap-based buffer overflow\n and OOPS) or obtain sensitive information from kernel\n heap memory by connecting a crafted GPT storage device,\n a different vulnerability than CVE-2011-1577.\n (CVE-2011-1776)\n\nThe following non-security issues have been fixed :\n\n - md: fix deadlock in md/raid1 and md/raid10 when handling\n a read error. 
(bnc#628343)\n\n - md: fix possible raid1/raid10 deadlock on read error\n during resync. (bnc#628343)\n\n - Add timeo parameter to /proc/mounts for nfs filesystems.\n (bnc#616256)\n\n - virtio: indirect ring entries\n (VIRTIO_RING_F_INDIRECT_DESC). (bnc#713876)\n\n - virtio: teach virtio_has_feature() about transport\n features. (bnc#713876)\n\n - nf_nat: do not add NAT extension for confirmed\n conntracks. (bnc#709213)\n\n - 8250: Oxford Semiconductor Devices. (bnc#717126)\n\n - 8250_pci: Add support for the Digi/IBM PCIe 2-port\n Adapter. (bnc#717126)\n\n - 8250: Fix capabilities when changing the port type.\n (bnc#717126)\n\n - 8250: Add EEH support. (bnc#717126)\n\n - xfs: fix memory reclaim recursion deadlock on locked\n inode buffer. (bnc#699355 / bnc#699354 / bnc#721830)\n\n - ipmi: do not grab locks in run-to-completion mode.\n (bnc#717421)\n\n - cifs: add fallback in is_path_accessible for old\n servers. (bnc#718028)\n\n - cciss: do not attempt to read from a write-only\n register. (bnc#683101)\n\n - s390: kernel: System hang if hangcheck timer expires\n (bnc#712009,LTC#74157).\n\n - s390: kernel: NSS creation with initrd fails\n (bnc#712009,LTC#74207).\n\n - s390: kernel: remove code to handle topology interrupts\n (bnc#712009,LTC#74440).\n\n - xen: Added 1083-kbdfront-absolute-coordinates.patch.\n (bnc#717585)\n\n - acpi: Use a spinlock instead of mutex to guard gbl_lock\n access. (bnc#707439)\n\n - Allow balance_dirty_pages to help other filesystems.\n (bnc#709369)\n\n - nfs: fix congestion control. (bnc#709369)\n\n - NFS: Separate metadata and page cache revalidation\n mechanisms. (bnc#709369)\n\n - jbd: Fix oops in journal_remove_journal_head().\n (bnc#694315)\n\n - xen/blkfront: avoid NULL de-reference in CDROM ioctl\n handling. (bnc#701355)\n\n - xen/x86: replace order-based range checking of M2P table\n by linear one.\n\n - xen/x86: use dynamically adjusted upper bound for\n contiguous regions. 
(bnc#635880)\n\n - Fix type in\n patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is\n -making-progress.\n\n - s390: cio: Add timeouts for internal IO\n (bnc#701550,LTC#72691).\n\n - s390: kernel: first time swap use results in heavy\n swapping (bnc#701550,LTC#73132).\n\n - s390: qeth: wrong number of output queues for\n HiperSockets (bnc#701550,LTC#73814).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1577.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1776.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3191.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3363.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7812.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-source-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-debug-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-default-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-kdump-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-kdumppae-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-smp-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", 
reference:\"kernel-source-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-syms-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-vmi-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-vmipae-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-xen-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.60-0.91.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:58:34", "description": "This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel.\n\nThe following security issues have been fixed :\n\n - A USB string descriptor overflow in the auerwald USB driver was fixed, which could be used by physically proximate attackers to cause a kernel crash.\n (CVE-2009-4067)\n\n - Always check the path in CIFS mounts to avoid interesting filesystem path interaction issues and potential crashes. (CVE-2011-3363)\n\n - A malicious CIFS server could cause a integer overflow on the local machine on directory index operations, in turn causing memory corruption. 
(CVE-2011-3191)\n\n - The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel did not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allowed physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.\n (CVE-2011-1776)\n\nThe following non-security issues have been fixed :\n\n - md: fix deadlock in md/raid1 and md/raid10 when handling a read error. (bnc#628343)\n\n - md: fix possible raid1/raid10 deadlock on read error during resync. (bnc#628343)\n\n - Add timeo parameter to /proc/mounts for nfs filesystems.\n (bnc#616256)\n\n - virtio: indirect ring entries (VIRTIO_RING_F_INDIRECT_DESC). (bnc#713876)\n\n - virtio: teach virtio_has_feature() about transport features. (bnc#713876)\n\n - nf_nat: do not add NAT extension for confirmed conntracks. (bnc#709213)\n\n - 8250: Oxford Semiconductor Devices. (bnc#717126)\n\n - 8250_pci: Add support for the Digi/IBM PCIe 2-port Adapter. (bnc#717126)\n\n - 8250: Fix capabilities when changing the port type.\n (bnc#717126)\n\n - 8250: Add EEH support. (bnc#717126)\n\n - xfs: fix memory reclaim recursion deadlock on locked inode buffer. (bnc#699355 / bnc#699354 / bnc#721830)\n\n - ipmi: do not grab locks in run-to-completion mode.\n (bnc#717421)\n\n - cifs: add fallback in is_path_accessible for old servers. (bnc#718028)\n\n - cciss: do not attempt to read from a write-only register. (bnc#683101)\n\n - s390: kernel: System hang if hangcheck timer expires (bnc#712009,LTC#74157).\n\n - s390: kernel: NSS creation with initrd fails (bnc#712009,LTC#74207).\n\n - s390: kernel: remove code to handle topology interrupts (bnc#712009,LTC#74440).\n\n - xen: Added 1083-kbdfront-absolute-coordinates.patch.\n (bnc#717585)\n\n - acpi: Use a spinlock instead of mutex to guard gbl_lock access. 
(bnc#707439)\n\n - Allow balance_dirty_pages to help other filesystems.\n (bnc#709369)\n\n - nfs: fix congestion control. (bnc#709369)\n\n - NFS: Separate metadata and page cache revalidation mechanisms. (bnc#709369)\n\n - jbd: Fix oops in journal_remove_journal_head().\n (bnc#694315)\n\n - xen/blkfront: avoid NULL de-reference in CDROM ioctl handling. (bnc#701355)\n\n - xen/x86: replace order-based range checking of M2P table by linear one.\n\n - xen/x86: use dynamically adjusted upper bound for contiguous regions. (bnc#635880)\n\n - Fix type in patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is\n -making-progress.\n\n - s390: cio: Add timeouts for internal IO (bnc#701550,LTC#72691).\n\n - s390: kernel: first time swap use results in heavy swapping (bnc#701550,LTC#73132).\n\n - s390: qeth: wrong number of output queues for HiperSockets (bnc#701550,LTC#73814).", "cvss3": {"score": null, "vector": null}, "published": "2012-05-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7811)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-4067", "CVE-2011-1577", "CVE-2011-1776", "CVE-2011-3191", "CVE-2011-3363"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-7811.NASL", "href": "https://www.tenable.com/plugins/nessus/59160", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59160);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1577\", \"CVE-2011-1776\", \"CVE-2011-3191\", \"CVE-2011-3363\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7811)\");\n script_summary(english:\"Checks rpm 
output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Linux kernel update fixes various security issues and bugs in the\nSUSE Linux Enterprise 10 SP4 kernel.\n\nThe following security issues have been fixed :\n\n - A USB string descriptor overflow in the auerwald USB\n driver was fixed, which could be used by physically\n proximate attackers to cause a kernel crash.\n (CVE-2009-4067)\n\n - Always check the path in CIFS mounts to avoid\n interesting filesystem path interaction issues and\n potential crashes. (CVE-2011-3363)\n\n - A malicious CIFS server could cause a integer overflow\n on the local machine on directory index operations, in\n turn causing memory corruption. (CVE-2011-3191)\n\n - The is_gpt_valid function in fs/partitions/efi.c in the\n Linux kernel did not check the size of an Extensible\n Firmware Interface (EFI) GUID Partition Table (GPT)\n entry, which allowed physically proximate attackers to\n cause a denial of service (heap-based buffer overflow\n and OOPS) or obtain sensitive information from kernel\n heap memory by connecting a crafted GPT storage device,\n a different vulnerability than CVE-2011-1577.\n (CVE-2011-1776)\n\nThe following non-security issues have been fixed :\n\n - md: fix deadlock in md/raid1 and md/raid10 when handling\n a read error. (bnc#628343)\n\n - md: fix possible raid1/raid10 deadlock on read error\n during resync. (bnc#628343)\n\n - Add timeo parameter to /proc/mounts for nfs filesystems.\n (bnc#616256)\n\n - virtio: indirect ring entries\n (VIRTIO_RING_F_INDIRECT_DESC). (bnc#713876)\n\n - virtio: teach virtio_has_feature() about transport\n features. (bnc#713876)\n\n - nf_nat: do not add NAT extension for confirmed\n conntracks. (bnc#709213)\n\n - 8250: Oxford Semiconductor Devices. 
(bnc#717126)\n\n - 8250_pci: Add support for the Digi/IBM PCIe 2-port\n Adapter. (bnc#717126)\n\n - 8250: Fix capabilities when changing the port type.\n (bnc#717126)\n\n - 8250: Add EEH support. (bnc#717126)\n\n - xfs: fix memory reclaim recursion deadlock on locked\n inode buffer. (bnc#699355 / bnc#699354 / bnc#721830)\n\n - ipmi: do not grab locks in run-to-completion mode.\n (bnc#717421)\n\n - cifs: add fallback in is_path_accessible for old\n servers. (bnc#718028)\n\n - cciss: do not attempt to read from a write-only\n register. (bnc#683101)\n\n - s390: kernel: System hang if hangcheck timer expires\n (bnc#712009,LTC#74157).\n\n - s390: kernel: NSS creation with initrd fails\n (bnc#712009,LTC#74207).\n\n - s390: kernel: remove code to handle topology interrupts\n (bnc#712009,LTC#74440).\n\n - xen: Added 1083-kbdfront-absolute-coordinates.patch.\n (bnc#717585)\n\n - acpi: Use a spinlock instead of mutex to guard gbl_lock\n access. (bnc#707439)\n\n - Allow balance_dirty_pages to help other filesystems.\n (bnc#709369)\n\n - nfs: fix congestion control. (bnc#709369)\n\n - NFS: Separate metadata and page cache revalidation\n mechanisms. (bnc#709369)\n\n - jbd: Fix oops in journal_remove_journal_head().\n (bnc#694315)\n\n - xen/blkfront: avoid NULL de-reference in CDROM ioctl\n handling. (bnc#701355)\n\n - xen/x86: replace order-based range checking of M2P table\n by linear one.\n\n - xen/x86: use dynamically adjusted upper bound for\n contiguous regions. 
(bnc#635880)\n\n - Fix type in\n patches.fixes/libiscsi-dont-run-scsi-eh-if-iscsi-task-is\n -making-progress.\n\n - s390: cio: Add timeouts for internal IO\n (bnc#701550,LTC#72691).\n\n - s390: kernel: first time swap use results in heavy\n swapping (bnc#701550,LTC#73132).\n\n - s390: qeth: wrong number of output queues for\n HiperSockets (bnc#701550,LTC#73814).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4067.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1577.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1776.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3191.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3363.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7811.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-kdump-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.60-0.91.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.60-0.91.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is 
not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:00:03", "description": "Update to kernel 2.6.35.14 :\n\nhttp://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog\n-2.6.35.14\n\nNOTE: These upstream commits from 2.6.35.14 were already in the previous Fedora 14 kernel 2.6.35.13-92 :\n\nb934c20de1398d4a82d2ecfeb588a214a910f13f 3cd01976e702ccaffb907727caff4f8789353599 9c047157a20521cd525527947b13b950d168d2e6 6b4e81db2552bad04100e7d5ddeed7e848f53b48 3e9d08ec0a68f6faf718d5a7e050fe5ca0ba004f b522f02184b413955f3bc952e3776ce41edc6355 194b3da873fd334ef183806db751473512af29ce a1f74ae82d133ebb2aabb19d181944b4e83e9960 e9cdd343a5e42c43bcda01e609fa23089e026470 14fb57dccb6e1defe9f89a66f548fcb24c374c1d 221d1d797202984cb874e3ed9f1388593d34ee22 a294865978b701e4d0d90135672749531b9a900d\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-08-23T00:00:00", "type": "nessus", "title": "Fedora 14 : kernel-2.6.35.14-95.fc14 (2011-11103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1598", "CVE-2011-1748", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2905"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-11103.NASL", "href": "https://www.tenable.com/plugins/nessus/55955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-11103.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(55955);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1598\", \"CVE-2011-1748\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2484\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\");\n script_bugtraq_id(47503, 47835, 48333, 48383, 48472, 48538, 48697, 48802, 49140);\n script_xref(name:\"FEDORA\", value:\"2011-11103\");\n\n script_name(english:\"Fedora 14 : kernel-2.6.35.14-95.fc14 (2011-11103)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to kernel 2.6.35.14 :\n\nhttp://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog\n-2.6.35.14\n\nNOTE: These upstream commits from 2.6.35.14 were already in the\nprevious Fedora 14 kernel 2.6.35.13-92 :\n\nb934c20de1398d4a82d2ecfeb588a214a910f13f\n3cd01976e702ccaffb907727caff4f8789353599\n9c047157a20521cd525527947b13b950d168d2e6\n6b4e81db2552bad04100e7d5ddeed7e848f53b48\n3e9d08ec0a68f6faf718d5a7e050fe5ca0ba004f\nb522f02184b413955f3bc952e3776ce41edc6355\n194b3da873fd334ef183806db751473512af29ce\na1f74ae82d133ebb2aabb19d181944b4e83e9960\ne9cdd343a5e42c43bcda01e609fa23089e026470\n14fb57dccb6e1defe9f89a66f548fcb24c374c1d\n221d1d797202984cb874e3ed9f1388593d34ee22\na294865978b701e4d0d90135672749531b9a900d\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://ftp.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.35/ChangeLog-2.6.35.14\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?13012155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=698057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=710338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=714536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=715436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=716805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=718152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=722557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=723429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=729808\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064393.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38ec6e06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"kernel-2.6.35.14-95.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:28", "description": "Specially crafted RPM packages could have caused memory corruption in rpm when verifying signatures (CVE-2011-3378). This has been fixed.", "cvss3": {"score": null, "vector": null}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : popt (SAT Patch Number 5256)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:popt", "p-cpe:/a:novell:suse_linux:11:popt-32bit", "p-cpe:/a:novell:suse_linux:11:rpm", "p-cpe:/a:novell:suse_linux:11:rpm-32bit", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_POPT-111010.NASL", "href": "https://www.tenable.com/plugins/nessus/57128", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57128);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3378\");\n\n script_name(english:\"SuSE 11.1 Security Update : popt (SAT Patch Number 5256)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted RPM packages could have caused memory corruption in\nrpm when verifying signatures (CVE-2011-3378). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=720824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3378.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5256.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:popt-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:rpm-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"popt-1.7-37.29.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"rpm-4.4.2.3-37.29.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"popt-1.7-37.29.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"popt-32bit-1.7-37.29.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"rpm-4.4.2.3-37.29.29.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"rpm-32bit-4.4.2.3-37.29.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"popt-1.7-37.29.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"rpm-4.4.2.3-37.29.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", 
reference:\"popt-32bit-1.7-37.29.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"rpm-32bit-4.4.2.3-37.29.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"popt-32bit-1.7-37.29.29.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"rpm-32bit-4.4.2.3-37.29.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:46", "description": "Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6, and Red Hat Enterprise Linux 3 Extended Life Cycle Support, 5.3 Long Life, 5.6 Extended Update Support, and 6.0 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nMultiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. (CVE-2011-3378)\n\nNote: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially crafted RPM package to execute arbitrary code before its digital signature has been verified. 
Package downloads from the Red Hat Network remain secure due to certificate checks performed on the secure connection.\n\nAll RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-04T00:00:00", "type": "nessus", "title": "CentOS 4 / 5 : rpm (CESA-2011:1349)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:popt", "p-cpe:/a:centos:centos:rpm", "p-cpe:/a:centos:centos:rpm-apidocs", "p-cpe:/a:centos:centos:rpm-build", "p-cpe:/a:centos:centos:rpm-devel", "p-cpe:/a:centos:centos:rpm-libs", "p-cpe:/a:centos:centos:rpm-python", "cpe:/o:centos:centos:4", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2011-1349.NASL", "href": "https://www.tenable.com/plugins/nessus/56380", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1349 and \n# CentOS Errata and Security Advisory 2011:1349 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56380);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2011-3378\");\n script_bugtraq_id(49799);\n script_xref(name:\"RHSA\", value:\"2011:1349\");\n\n script_name(english:\"CentOS 4 / 5 : rpm (CESA-2011:1349)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix multiple security 
issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6, and Red Hat\nEnterprise Linux 3 Extended Life Cycle Support, 5.3 Long Life, 5.6\nExtended Update Support, and 6.0 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a command line driven package\nmanagement system capable of installing, uninstalling, verifying,\nquerying, and updating software packages.\n\nMultiple flaws were found in the way the RPM library parsed package\nheaders. An attacker could create a specially crafted RPM package\nthat, when queried or installed, would cause rpm to crash or,\npotentially, execute arbitrary code. (CVE-2011-3378)\n\nNote: Although an RPM package can, by design, execute arbitrary code\nwhen installed, this issue would allow a specially crafted RPM package\nto execute arbitrary code before its digital signature has been\nverified. Package downloads from the Red Hat Network remain secure due\nto certificate checks performed on the secure connection.\n\nAll RPM users should upgrade to these updated packages, which contain\na backported patch to correct these issues. 
All running applications\nlinked against the RPM library must be restarted for this update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018159.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e271676f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-November/018160.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c545a1a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018091.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6ff68a7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-October/018092.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?309460ed\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x / 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"popt-1.9.1-35_nonptl.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"popt-1.9.1-35_nonptl.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"rpm-4.3.3-35_nonptl.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"rpm-4.3.3-35_nonptl.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"rpm-build-4.3.3-35_nonptl.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"rpm-build-4.3.3-35_nonptl.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"rpm-devel-4.3.3-35_nonptl.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"rpm-devel-4.3.3-35_nonptl.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"rpm-libs-4.3.3-35_nonptl.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"rpm-libs-4.3.3-35_nonptl.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"rpm-python-4.3.3-35_nonptl.el4_8\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"rpm-python-4.3.3-35_nonptl.el4_8\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"popt-1.10.2.3-22.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-4.4.2.3-22.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-apidocs-4.4.2.3-22.el5_7.2\")) flag++;\nif 
(rpm_check(release:\"CentOS-5\", reference:\"rpm-build-4.4.2.3-22.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-devel-4.4.2.3-22.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-libs-4.4.2.3-22.el5_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"rpm-python-4.4.2.3-22.el5_7.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"popt / rpm / rpm-apidocs / rpm-build / rpm-devel / rpm-libs / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:24", "description": "Specially crafted RPM packages could have caused memory corruption in rpm when verifying signatures (CVE-2011-3378). This has been fixed.", "cvss3": {"score": null, "vector": null}, "published": "2011-12-13T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : popt (ZYPP Patch Number 7792)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_POPT-7792.NASL", "href": "https://www.tenable.com/plugins/nessus/57241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57241);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3378\");\n\n script_name(english:\"SuSE 10 Security Update : popt (ZYPP Patch Number 7792)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is 
missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted RPM packages could have caused memory corruption in\nrpm when verifying signatures (CVE-2011-3378). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3378.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7792.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"popt-1.7-271.42.2\")) flag++;\nif 
(rpm_check(release:\"SLED10\", sp:4, reference:\"popt-devel-1.7-271.42.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"rpm-4.4.2-43.42.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"rpm-devel-4.4.2-43.42.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"rpm-python-4.4.2-43.42.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"popt-32bit-1.7-271.42.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"popt-devel-32bit-1.7-271.42.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"popt-1.7-271.42.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"popt-devel-1.7-271.42.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"rpm-4.4.2-43.42.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"rpm-devel-4.4.2-43.42.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"rpm-python-4.4.2-43.42.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"popt-32bit-1.7-271.42.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"popt-devel-32bit-1.7-271.42.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:54:31", "description": "From Red Hat Security Advisory 2011:1349 :\n\nUpdated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6, and Red Hat Enterprise Linux 3 Extended Life Cycle Support, 5.3 Long Life, 5.6 Extended Update Support, and 6.0 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nMultiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. (CVE-2011-3378)\n\nNote: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially crafted RPM package to execute arbitrary code before its digital signature has been verified. Package downloads from the Red Hat Network remain secure due to certificate checks performed on the secure connection.\n\nAll RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. 
All running applications linked against the RPM library must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2013-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 4 / 5 / 6 : rpm (ELSA-2011-1349)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:popt", "p-cpe:/a:oracle:linux:rpm", "p-cpe:/a:oracle:linux:rpm-apidocs", "p-cpe:/a:oracle:linux:rpm-build", "p-cpe:/a:oracle:linux:rpm-cron", "p-cpe:/a:oracle:linux:rpm-devel", "p-cpe:/a:oracle:linux:rpm-libs", "p-cpe:/a:oracle:linux:rpm-python", "cpe:/o:oracle:linux:4", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2011-1349.NASL", "href": "https://www.tenable.com/plugins/nessus/68363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1349 and \n# Oracle Linux Security Advisory ELSA-2011-1349 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68363);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3378\");\n script_bugtraq_id(49799);\n script_xref(name:\"RHSA\", value:\"2011:1349\");\n\n script_name(english:\"Oracle Linux 4 / 5 / 6 : rpm (ELSA-2011-1349)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1349 :\n\nUpdated rpm packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6, and Red Hat\nEnterprise Linux 3 Extended Life 
Cycle Support, 5.3 Long Life, 5.6\nExtended Update Support, and 6.0 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a command line driven package\nmanagement system capable of installing, uninstalling, verifying,\nquerying, and updating software packages.\n\nMultiple flaws were found in the way the RPM library parsed package\nheaders. An attacker could create a specially crafted RPM package\nthat, when queried or installed, would cause rpm to crash or,\npotentially, execute arbitrary code. (CVE-2011-3378)\n\nNote: Although an RPM package can, by design, execute arbitrary code\nwhen installed, this issue would allow a specially crafted RPM package\nto execute arbitrary code before its digital signature has been\nverified. Package downloads from the Red Hat Network remain secure due\nto certificate checks performed on the secure connection.\n\nAll RPM users should upgrade to these updated packages, which contain\na backported patch to correct these issues. 
All running applications\nlinked against the RPM library must be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002385.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002386.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-October/002387.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/24\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"popt-1.9.1-35_nonptl.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"rpm-4.3.3-35_nonptl.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"rpm-build-4.3.3-35_nonptl.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"rpm-devel-4.3.3-35_nonptl.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"rpm-libs-4.3.3-35_nonptl.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"rpm-python-4.3.3-35_nonptl.el4\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"popt-1.10.2.3-22.0.1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-4.4.2.3-22.0.1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-apidocs-4.4.2.3-22.0.1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-build-4.4.2.3-22.0.1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-devel-4.4.2.3-22.0.1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-libs-4.4.2.3-22.0.1.el5_7.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"rpm-python-4.4.2.3-22.0.1.el5_7.2\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"rpm-4.8.0-16.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-apidocs-4.8.0-16.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-build-4.8.0-16.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-cron-4.8.0-16.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-devel-4.8.0-16.el6_1.1\")) flag++;\nif 
(rpm_check(release:\"EL6\", reference:\"rpm-libs-4.8.0-16.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"rpm-python-4.8.0-16.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"popt / rpm / rpm-apidocs / rpm-build / rpm-cron / rpm-devel / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:50", "description": "Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code (CVE-2011-3378).\n\nAdditionally for Mandriva Linux 2009.0 and Mandriva Linux Enterprise Server 5 updated perl-URPM and lzma (xz v5) packages are being provided to support upgrading to Mandriva Linux 2011.\n\nThe updated packages have been patched to correct these issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-06T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : rpm (MDVSA-2011:143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64lzma-devel", "p-cpe:/a:mandriva:linux:lib64lzma5", "p-cpe:/a:mandriva:linux:lib64popt-devel", "p-cpe:/a:mandriva:linux:lib64popt0", "p-cpe:/a:mandriva:linux:lib64rpm-devel", "p-cpe:/a:mandriva:linux:lib64rpm4.4", "p-cpe:/a:mandriva:linux:lib64rpm4.6", "p-cpe:/a:mandriva:linux:liblzma-devel", "p-cpe:/a:mandriva:linux:liblzma5", "p-cpe:/a:mandriva:linux:libpopt-devel", "p-cpe:/a:mandriva:linux:libpopt0", "p-cpe:/a:mandriva:linux:librpm-devel", "p-cpe:/a:mandriva:linux:librpm4.4", "p-cpe:/a:mandriva:linux:librpm4.6", "p-cpe:/a:mandriva:linux:perl-URPM", 
"p-cpe:/a:mandriva:linux:popt-data", "p-cpe:/a:mandriva:linux:python-rpm", "p-cpe:/a:mandriva:linux:rpm", "p-cpe:/a:mandriva:linux:rpm-build", "p-cpe:/a:mandriva:linux:xz", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2010.1"], "id": "MANDRIVA_MDVSA-2011-143.NASL", "href": "https://www.tenable.com/plugins/nessus/56403", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2011:143. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56403);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-3378\");\n script_bugtraq_id(49799);\n script_xref(name:\"MDVSA\", value:\"2011:143\");\n\n script_name(english:\"Mandriva Linux Security Advisory : rpm (MDVSA-2011:143)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the way the RPM library parsed package\nheaders. 
An attacker could create a specially crafted RPM package\nthat, when queried or installed, would cause rpm to crash or,\npotentially, execute arbitrary code (CVE-2011-3378).\n\nAdditionally for Mandriva Linux 2009.0 and Mandriva Linux Enterprise\nServer 5 updated perl-URPM and lzma (xz v5) packages are being\nprovided to support upgrading to Mandriva Linux 2011.\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64lzma-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64lzma5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64popt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64popt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64rpm4.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64rpm4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:liblzma-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:liblzma5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpopt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpopt0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:librpm-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:librpm4.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:librpm4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-URPM\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:popt-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xz\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", 
cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64lzma-devel-5.0.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64lzma5-5.0.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64popt-devel-1.10.8-32.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64popt0-1.10.8-32.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64rpm-devel-4.4.2.3-20.4mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64rpm4.4-4.4.2.3-20.4mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"liblzma-devel-5.0.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"liblzma5-5.0.0-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpopt-devel-1.10.8-32.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpopt0-1.10.8-32.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"librpm-devel-4.4.2.3-20.4mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"librpm4.4-4.4.2.3-20.4mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"perl-URPM-3.18.2-0.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"popt-data-1.10.8-32.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"python-rpm-4.4.2.3-20.4mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rpm-4.4.2.3-20.4mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"rpm-build-4.4.2.3-20.4mnb2\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xz-5.0.0-0.1mdv2009.0\", yank:\"mdv\")) 
flag++;\n\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64rpm-devel-4.6.0-14.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64rpm4.6-4.6.0-14.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"librpm-devel-4.6.0-14.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"librpm4.6-4.6.0-14.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"python-rpm-4.6.0-14.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"rpm-4.6.0-14.1mnb2\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"rpm-build-4.6.0-14.1mnb2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:49", "description": "This update fixes some crashes which can occur when reading malformed package headers.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-10T00:00:00", "type": "nessus", "title": "Fedora 16 : rpm-4.9.1.2-1.fc16 (2011-13766)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rpm", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-13766.NASL", "href": "https://www.tenable.com/plugins/nessus/56424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-13766.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56424);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3378\");\n script_bugtraq_id(49799);\n script_xref(name:\"FEDORA\", value:\"2011-13766\");\n\n script_name(english:\"Fedora 16 : rpm-4.9.1.2-1.fc16 (2011-13766)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes some crashes which can occur when reading malformed\npackage headers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=741606\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067512.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf761065\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"rpm-4.9.1.2-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:45", "description": "Updated rpm packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4, 5, and 6, and Red Hat Enterprise Linux 3 Extended Life Cycle Support, 5.3 Long Life, 5.6 Extended Update Support, and 6.0 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nMultiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. 
(CVE-2011-3378)\n\nNote: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially crafted RPM package to execute arbitrary code before its digital signature has been verified. Package downloads from the Red Hat Network remain secure due to certificate checks performed on the secure connection.\n\nAll RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. All running applications linked against the RPM library must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-04T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 / 6 : rpm (RHSA-2011:1349)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:popt", "p-cpe:/a:redhat:enterprise_linux:rpm", "p-cpe:/a:redhat:enterprise_linux:rpm-apidocs", "p-cpe:/a:redhat:enterprise_linux:rpm-build", "p-cpe:/a:redhat:enterprise_linux:rpm-cron", "p-cpe:/a:redhat:enterprise_linux:rpm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rpm-devel", "p-cpe:/a:redhat:enterprise_linux:rpm-libs", "p-cpe:/a:redhat:enterprise_linux:rpm-python", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3", "cpe:/o:redhat:enterprise_linux:5.6", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:redhat:enterprise_linux:6.1"], "id": "REDHAT-RHSA-2011-1349.NASL", "href": "https://www.tenable.com/plugins/nessus/56383", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1349. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56383);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3378\");\n script_bugtraq_id(49799);\n script_xref(name:\"RHSA\", value:\"2011:1349\");\n\n script_name(english:\"RHEL 4 / 5 / 6 : rpm (RHSA-2011:1349)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated rpm packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4, 5, and 6, and Red Hat\nEnterprise Linux 3 Extended Life Cycle Support, 5.3 Long Life, 5.6\nExtended Update Support, and 6.0 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe RPM Package Manager (RPM) is a command line driven package\nmanagement system capable of installing, uninstalling, verifying,\nquerying, and updating software packages.\n\nMultiple flaws were found in the way the RPM library parsed package\nheaders. An attacker could create a specially crafted RPM package\nthat, when queried or installed, would cause rpm to crash or,\npotentially, execute arbitrary code. (CVE-2011-3378)\n\nNote: Although an RPM package can, by design, execute arbitrary code\nwhen installed, this issue would allow a specially crafted RPM package\nto execute arbitrary code before its digital signature has been\nverified. 
Package downloads from the Red Hat Network remain secure due\nto certificate checks performed on the secure connection.\n\nAll RPM users should upgrade to these updated packages, which contain\na backported patch to correct these issues. All running applications\nlinked against the RPM library must be restarted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-3378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1349\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:popt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1349\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"popt-1.9.1-35_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"rpm-4.3.3-35_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"rpm-build-4.3.3-35_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"rpm-devel-4.3.3-35_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"rpm-libs-4.3.3-35_nonptl.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"rpm-python-4.3.3-35_nonptl.el4\")) flag++;\n\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"popt-1.10.2.3-22.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"popt-1.10.2.3-22.el5_7.2\")) flag++; }\n\n if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"popt-1.10.2.3-9.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"popt-1.10.2.3-9.el5_3.2\")) flag++;\n\nif (sp == 
\"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-4.4.2.3-22.el5_6.2\")) flag++; }\nelse if (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"rpm-4.4.2.3-9.el5_3.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rpm-4.4.2.3-22.el5_7.2\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"rpm-4.4.2.3-22.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rpm-4.4.2.3-22.el5_7.2\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-4.4.2.3-22.el5_6.2\")) flag++; }\nelse if (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-4.4.2.3-9.el5_3.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rpm-4.4.2.3-22.el5_7.2\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-apidocs-4.4.2.3-22.el5_6.2\")) flag++; }\nelse if (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"rpm-apidocs-4.4.2.3-9.el5_3.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rpm-apidocs-4.4.2.3-22.el5_7.2\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"rpm-apidocs-4.4.2.3-22.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rpm-apidocs-4.4.2.3-22.el5_7.2\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-apidocs-4.4.2.3-22.el5_6.2\")) flag++; }\nelse if (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-apidocs-4.4.2.3-9.el5_3.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rpm-apidocs-4.4.2.3-22.el5_7.2\")) flag++; }\n\nif (sp == 
\"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", reference:\"rpm-build-4.4.2.3-22.el5_6.2\")) flag++; }\nelse if (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"rpm-build-4.4.2.3-9.el5_3.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rpm-build-4.4.2.3-22.el5_7.2\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"rpm-build-4.4.2.3-22.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rpm-build-4.4.2.3-22.el5_7.2\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-build-4.4.2.3-22.el5_6.2\")) flag++; }\nelse if (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-build-4.4.2.3-9.el5_3.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rpm-build-4.4.2.3-22.el5_7.2\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"rpm-devel-4.4.2.3-22.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"rpm-devel-4.4.2.3-22.el5_7.2\")) flag++; }\n\n if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"rpm-devel-4.4.2.3-9.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-devel-4.4.2.3-9.el5_3.2\")) flag++;\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", reference:\"rpm-libs-4.4.2.3-22.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", reference:\"rpm-libs-4.4.2.3-22.el5_7.2\")) flag++; }\n\n if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"rpm-libs-4.4.2.3-9.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-libs-4.4.2.3-9.el5_3.2\")) flag++;\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"i386\", 
reference:\"rpm-python-4.4.2.3-22.el5_6.2\")) flag++; }\nelse if (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"i386\", reference:\"rpm-python-4.4.2.3-9.el5_3.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"rpm-python-4.4.2.3-22.el5_7.2\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"s390x\", reference:\"rpm-python-4.4.2.3-22.el5_6.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"rpm-python-4.4.2.3-22.el5_7.2\")) flag++; }\n\nif (sp == \"6\") { if (rpm_check(release:\"RHEL5\", sp:\"6\", cpu:\"x86_64\", reference:\"rpm-python-4.4.2.3-22.el5_6.2\")) flag++; }\nelse if (sp == \"3\") { if (rpm_check(release:\"RHEL5\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-python-4.4.2.3-9.el5_3.2\")) flag++; }\n else { if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"rpm-python-4.4.2.3-22.el5_7.2\")) flag++; }\n\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", cpu:\"i686\", reference:\"rpm-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rpm-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", cpu:\"s390x\", reference:\"rpm-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rpm-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", cpu:\"x86_64\", reference:\"rpm-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", reference:\"rpm-apidocs-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"rpm-apidocs-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", cpu:\"i686\", reference:\"rpm-build-4.8.0-12.el6_0.1\")) flag++; }\n else { if 
(rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rpm-build-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", cpu:\"s390x\", reference:\"rpm-build-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rpm-build-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", cpu:\"x86_64\", reference:\"rpm-build-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-build-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", reference:\"rpm-cron-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"rpm-cron-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", reference:\"rpm-debuginfo-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"rpm-debuginfo-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", reference:\"rpm-devel-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"rpm-devel-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", reference:\"rpm-libs-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", reference:\"rpm-libs-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", cpu:\"i686\", reference:\"rpm-python-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"rpm-python-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", cpu:\"s390x\", reference:\"rpm-python-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"rpm-python-4.8.0-16.el6_1.1\")) flag++; }\n\nif (sp == \"0\") { if (rpm_check(release:\"RHEL6\", sp:\"0\", 
cpu:\"x86_64\", reference:\"rpm-python-4.8.0-12.el6_0.1\")) flag++; }\n else { if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rpm-python-4.8.0-16.el6_1.1\")) flag++; }\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"popt / rpm / rpm-apidocs / rpm-build / rpm-cron / rpm-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:37", "description": "Specially crafted rpm packages could have caused memory corruption in rpm when verifying signatures (CVE-2011-3378). This has been fixed.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-03T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : popt (ZYPP Patch Number 7793)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_POPT-7793.NASL", "href": "https://www.tenable.com/plugins/nessus/56702", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56702);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3378\");\n\n script_name(english:\"SuSE 10 Security Update : popt (ZYPP Patch Number 7793)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted rpm 
packages could have caused memory corruption in\nrpm when verifying signatures (CVE-2011-3378). This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-3378.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7793.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"popt-1.7-271.37.38.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"popt-devel-1.7-271.37.38.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, 
reference:\"rpm-4.4.2-43.38.38.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"rpm-devel-4.4.2-43.38.38.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"rpm-python-4.4.2-43.38.38.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"popt-32bit-1.7-271.37.38.7\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"popt-devel-32bit-1.7-271.37.38.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:59:50", "description": "This update fixes some crashes which can occur when reading malformed package headers.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-10-12T00:00:00", "type": "nessus", "title": "Fedora 15 : rpm-4.9.1.2-1.fc15 (2011-13785)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rpm", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-13785.NASL", "href": "https://www.tenable.com/plugins/nessus/56457", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-13785.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56457);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-3378\");\n 
script_bugtraq_id(49799);\n script_xref(name:\"FEDORA\", value:\"2011-13785\");\n\n script_name(english:\"Fedora 15 : rpm-4.9.1.2-1.fc15 (2011-13785)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes some crashes which can occur when reading malformed\npackage headers.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=741606\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/067794.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11089e25\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright 
(C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"rpm-4.9.1.2-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:20", "description": "Specially crafted rpm packages can cause memory corruption in rpm when verifying signatures (CVE-2011-3378).", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rpm (openSUSE-SU-2011:1203-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": 
"2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rpm", "p-cpe:/a:novell:opensuse:rpm-32bit", "p-cpe:/a:novell:opensuse:rpm-devel", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_RPM-111010.NASL", "href": "https://www.tenable.com/plugins/nessus/75726", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update rpm-5255.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75726);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3378\");\n\n script_name(english:\"openSUSE Security Update : rpm (openSUSE-SU-2011:1203-1)\");\n script_summary(english:\"Check for the rpm-5255 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted rpm packages can cause memory corruption in rpm when\nverifying signatures (CVE-2011-3378).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=720824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00001.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rpm-4.8.0-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"rpm-devel-4.8.0-5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"rpm-32bit-4.8.0-5.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm / rpm-32bit / rpm-devel\");\n}\n", "cvss": {"score": 9.3, "vector": 
"AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-16T02:06:10", "description": "Multiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. (CVE-2011-3378)", "cvss3": {"score": null, "vector": null}, "published": "2013-09-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : rpm (ALAS-2011-14)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:rpm", "p-cpe:/a:amazon:linux:rpm-apidocs", "p-cpe:/a:amazon:linux:rpm-build", "p-cpe:/a:amazon:linux:rpm-cron", "p-cpe:/a:amazon:linux:rpm-debuginfo", "p-cpe:/a:amazon:linux:rpm-devel", "p-cpe:/a:amazon:linux:rpm-libs", "p-cpe:/a:amazon:linux:rpm-python", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2011-14.NASL", "href": "https://www.tenable.com/plugins/nessus/69573", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2011-14.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69573);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2011-3378\");\n script_xref(name:\"ALAS\", value:\"2011-14\");\n script_xref(name:\"RHSA\", value:\"2011:1349\");\n\n script_name(english:\"Amazon Linux AMI : rpm (ALAS-2011-14)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in the way the RPM library parsed package\nheaders. 
An attacker could create a specially crafted RPM package\nthat, when queried or installed, would cause rpm to crash or,\npotentially, execute arbitrary code. (CVE-2011-3378)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2011-14.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update rpm' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"rpm-4.8.0-16.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-apidocs-4.8.0-16.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-build-4.8.0-16.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-cron-4.8.0-16.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-debuginfo-4.8.0-16.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-devel-4.8.0-16.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-libs-4.8.0-16.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rpm-python-4.8.0-16.36.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm / rpm-apidocs / rpm-build / rpm-cron / rpm-debuginfo / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:31", "description": "Specially crafted rpm packages can cause memory corruption in rpm when verifying signatures (CVE-2011-3378).", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rpm 
(openSUSE-SU-2011:1203-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rpm", "p-cpe:/a:novell:opensuse:rpm-32bit", "p-cpe:/a:novell:opensuse:rpm-debuginfo", "p-cpe:/a:novell:opensuse:rpm-debuginfo-32bit", "p-cpe:/a:novell:opensuse:rpm-debugsource", "p-cpe:/a:novell:opensuse:rpm-devel", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_RPM-111010.NASL", "href": "https://www.tenable.com/plugins/nessus/76010", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update rpm-5255.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76010);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-3378\");\n\n script_name(english:\"openSUSE Security Update : rpm (openSUSE-SU-2011:1203-1)\");\n script_summary(english:\"Check for the rpm-5255 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted rpm packages can cause memory corruption in rpm when\nverifying signatures (CVE-2011-3378).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=720824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00001.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rpm-4.8.0-28.29.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.4\", reference:\"rpm-debuginfo-4.8.0-28.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rpm-debugsource-4.8.0-28.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"rpm-devel-4.8.0-28.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"rpm-32bit-4.8.0-28.29.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"rpm-debuginfo-32bit-4.8.0-28.29.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm / rpm-32bit / rpm-devel / rpm-debuginfo / rpm-debuginfo-32bit / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:57:48", "description": "The RPM Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nMultiple flaws were found in the way the RPM library parsed package headers. An attacker could create a specially crafted RPM package that, when queried or installed, would cause rpm to crash or, potentially, execute arbitrary code. (CVE-2011-3378)\n\nNote: Although an RPM package can, by design, execute arbitrary code when installed, this issue would allow a specially crafted RPM package to execute arbitrary code before its digital signature has been verified.\n\nAll RPM users should upgrade to these updated packages, which contain a backported patch to correct these issues. 
All running applications linked against the RPM library must be restarted for this update to take effect.", "cvss3": {"score": null, "vector": null}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : rpm on SL4.x, SL5.x, SL6.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3378"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20111003_RPM_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61147", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61147);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3378\");\n\n script_name(english:\"Scientific Linux Security Update : rpm on SL4.x, SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The RPM Package Manager (RPM) is a command line driven package\nmanagement system capable of installing, uninstalling, verifying,\nquerying, and updating software packages.\n\nMultiple flaws were found in the way the RPM library parsed package\nheaders. An attacker could create a specially crafted RPM package\nthat, when queried or installed, would cause rpm to crash or,\npotentially, execute arbitrary code. 
(CVE-2011-3378)\n\nNote: Although an RPM package can, by design, execute arbitrary code\nwhen installed, this issue would allow a specially crafted RPM package\nto execute arbitrary code before its digital signature has been\nverified.\n\nAll RPM users should upgrade to these updated packages, which contain\na backported patch to correct these issues. All running applications\nlinked against the RPM library must be restarted for this update to\ntake effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=78\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1e860323\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"popt-1.9.1-35_nonptl.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"rpm-4.3.3-35_nonptl.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"rpm-build-4.3.3-35_nonptl.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"rpm-debuginfo-4.3.3-35_nonptl.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"rpm-devel-4.3.3-35_nonptl.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"rpm-libs-4.3.3-35_nonptl.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"rpm-python-4.3.3-35_nonptl.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"popt-1.10.2.3-22.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-4.4.2.3-22.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-apidocs-4.4.2.3-22.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-build-4.4.2.3-22.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-debuginfo-4.4.2.3-22.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", 
reference:\"rpm-devel-4.4.2.3-22.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-libs-4.4.2.3-22.el5_7.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"rpm-python-4.4.2.3-22.el5_7.2\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"rpm-4.8.0-16.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-apidocs-4.8.0-16.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-build-4.8.0-16.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-cron-4.8.0-16.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-debuginfo-4.8.0-16.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-devel-4.8.0-16.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-libs-4.8.0-16.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"rpm-python-4.8.0-16.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:55:36", "description": "untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-08-31T00:00:00", "type": "nessus", "title": "Fedora 15 : xen-4.1.1-3.fc15 (2011-10942)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3131"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-10942.NASL", "href": "https://www.tenable.com/plugins/nessus/56010", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10942.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56010);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(49146);\n script_xref(name:\"FEDORA\", value:\"2011-10942\");\n\n script_name(english:\"Fedora 15 : xen-4.1.1-3.fc15 (2011-10942)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"untrusted guest controlling PCI[E] device can lock up host CPU\n[CVE-2011-3131]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064939.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3ad44e33\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"xen-4.1.1-3.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T14:54:46", "description": "untrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-08-24T00:00:00", "type": "nessus", "title": "Fedora 16 : xen-4.1.1-3.fc16 (2011-10834)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3131"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-10834.NASL", "href": "https://www.tenable.com/plugins/nessus/55961", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10834.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55961);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(49146);\n script_xref(name:\"FEDORA\", value:\"2011-10834\");\n\n script_name(english:\"Fedora 16 : xen-4.1.1-3.fc16 (2011-10834)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"untrusted guest controlling PCI[E] device can lock up host CPU\n[CVE-2011-3131]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064431.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?854f9137\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"xen-4.1.1-3.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:55", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Passthrough: disable bus-mastering on any card that causes an IOMMU fault (Tim Deegan) (CVE-2011-3131)\n\n - Serialize iptables calls in hotplug scripts (rhbz 460410)\n\n - Fix iptables service check bug (orabug 11727087)", "cvss3": {"score": null, "vector": null}, "published": "2014-11-26T00:00:00", "type": "nessus", "title": "OracleVM 2.2 : xen (OVMSA-2011-0008)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3131"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-64", "p-cpe:/a:oracle:vm:xen-debugger", "p-cpe:/a:oracle:vm:xen-devel", "p-cpe:/a:oracle:vm:xen-pvhvm-devel", "p-cpe:/a:oracle:vm:xen-tools", "cpe:/o:oracle:vm_server:2.2"], "id": "ORACLEVM_OVMSA-2011-0008.NASL", "href": "https://www.tenable.com/plugins/nessus/79474", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory 
OVMSA-2011-0008.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79474);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-3131\");\n script_bugtraq_id(49146);\n\n script_name(english:\"OracleVM 2.2 : xen (OVMSA-2011-0008)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Passthrough: disable bus-mastering on any card that\n causes an IOMMU fault (Tim Deegan) (CVE-2011-3131)\n\n - Serialize iptables calls in hotplug scripts (rhbz\n 460410)\n\n - Fix iptables service check bug (orabug 11727087)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2011-August/000062.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a285e99\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:vm:xen-pvhvm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"2\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-3.4.0-0.1.34.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-64-3.4.0-0.1.34.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-debugger-3.4.0-0.1.34.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-devel-3.4.0-0.1.34.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-pvhvm-devel-3.4.0-0.1.34.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-tools-3.4.0-0.1.34.el5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-64 / xen-debugger / xen-devel / xen-pvhvm-devel / etc\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:48:04", "description": "The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets. 
(CVE-2011-3188)\n\nImpact\n\nAttackers may be able to cause denial-of-service (DoS) or hijack network sessions by predicting sequence number values and sending crafted packets.\n\nThis issue affects control-plane traffic generated by the Linux kernel, and does not affect data-plane traffic. Outbound connections initiated from the BIG-IP system by administrative applications such as BIG-IP health monitors, SNMP, SMTP, SSH, network time protocol (NTP), and so on, are processed by the Linux operating system, and may be exploited by this vulnerability. For more information, refer to K13284: Overview of management interface routing (11.x and later).\n\nNote : Vulnerability scanners searching for this vulnerability will sometimes return false positives, as they depend on a low entropy value in certain sequence numbers for this vulnerability. Identifying a low entropy value in these tests may be inherently prone to false positives. For more information on vulnerability scanners, refer to K31046057: CVE security vulnerability scanners may report false positive results.", "cvss3": {"score": 9.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}, "published": "2014-10-10T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : Linux kernel TCP ISN vulnerability (K15301)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188"], "modified": "2021-03-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL15301.NASL", "href": "https://www.tenable.com/plugins/nessus/78170", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K15301.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78170);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/10\");\n\n script_cve_id(\"CVE-2011-3188\");\n script_bugtraq_id(49289);\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel TCP ISN vulnerability (K15301)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before\n3.1 use a modified MD4 algorithm to generate sequence numbers and\nFragment Identification values, which makes it easier for remote\nattackers to cause a denial of service (disrupted networking) or\nhijack network sessions by predicting these values and sending crafted\npackets. (CVE-2011-3188)\n\nImpact\n\nAttackers may be able to cause denial-of-service (DoS) or hijack\nnetwork sessions by predicting sequence number values and sending\ncrafted packets.\n\nThis issue affects control-plane traffic generated by the Linux\nkernel, and does not affect data-plane traffic. Outbound connections\ninitiated from the BIG-IP system by administrative applications such\nas BIG-IP health monitors, SNMP, SMTP, SSH, network time protocol\n(NTP), and so on, are processed by the Linux operating system, and may\nbe exploited by this vulnerability. For more information, refer to\nK13284: Overview of management interface routing (11.x and later).\n\nNote : Vulnerability scanners searching for this vulnerability will\nsometimes return false positives, as they depend on a low entropy\nvalue in certain sequence numbers for this vulnerability. 
Identifying\na low entropy value in these tests may be inherently prone to false\npositives. For more information on vulnerability scanners, refer\nto K31046057: CVE security vulnerability scanners may report false\npositive results.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K13284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K31046057\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K15301.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K15301\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.2.0-11.6.0\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.2.0-11.4.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.2.0-11.3.0\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.1.0\",\"10.0.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.2.0-11.3.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) 
security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-04-12T15:50:44", "description": "According to the version of one or more Juniper NSM servers running on the remote host, it is potentially vulnerable to denial of service and network session hijacking attacks due to a weak IP sequence number generator.", "cvss3": {"score": null, "vector": null}, "published": "2013-09-13T00:00:00", "type": "nessus", "title": "Juniper NSM Linux Kernel TCP Sequence Number Generation Issue (PSN-2012-08-688)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:juniper:netscreen-security_manager"], "id": "JUNIPER_NSM_PSN_2012_08_688.NASL", "href": "https://www.tenable.com/plugins/nessus/69873", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69873);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2011-3188\");\n script_bugtraq_id(49289);\n\n script_name(english:\"Juniper NSM Linux Kernel TCP Sequence Number Generation Issue (PSN-2012-08-688)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has a predictable TCP sequence number generator.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of one or more Juniper NSM servers running on\nthe remote host, it is potentially vulnerable to denial of service and\nnetwork session hijacking attacks due to a weak IP 
sequence number\ngenerator.\");\n # http://kb.juniper.net/InfoCenter/index?page=content&legacyid=PSN-2012-08-688\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?63abb75f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to NSM version 2011.4s3 / 2012.1 or higher.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2011-3188\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:netscreen-security_manager\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"os_fingerprint.nasl\", \"juniper_nsm_gui_svr_detect.nasl\", \"juniper_nsm_servers_installed.nasl\");\n script_require_keys(\"Juniper_NSM_VerDetected\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"global_settings.inc\");\n\n# Linux specific vuln according to the Vendor's advisory\nos = get_kb_item(\"Host/OS\");\nif (report_paranoia < 2)\n{\n if (!isnull(os) && 'Linux' >!< os) audit(AUDIT_HOST_NOT, 'Linux');\n}\n\nkb_base = \"Host/NSM/\";\n\nget_kb_item_or_exit(\"Juniper_NSM_VerDetected\");\n\nkb_list = make_list();\n\ntemp = get_kb_list(\"Juniper_NSM_GuiSvr/*/build\");\n\nif (!isnull(temp) && max_index(keys(temp)) > 0)\n kb_list = make_list(kb_list, keys(temp));\n\ntemp = get_kb_list(\"Host/NSM/*/build\");\nif (!isnull(temp) && max_index(keys(temp)) > 0)\n kb_list = make_list(kb_list, keys(temp));\n\nif (isnull(kb_list)) audit(AUDIT_NOT_INST, \"Juniper NSM Servers\");\n\nreport = '';\n\nentry = branch(kb_list);\n\nport = 0;\nkb_base = '';\n\nif (\"Juniper_NSM_GuiSvr\" >< entry)\n{\n port = entry - \"Juniper_NSM_GuiSvr/\" - \"/build\";\n kb_base = \"Juniper_NSM_GuiSvr/\" + port + \"/\";\n\n report_str1 = \"Remote GUI server version : \";\n report_str2 = \"Fixed version : \";\n}\nelse\n{\n kb_base = entry - \"build\";\n if (\"guiSvr\" >< kb_base)\n {\n report_str1 = \"Local GUI server version : \";\n report_str2 = \"Fixed version : \";\n }\n else\n {\n report_str1 = \"Local device server version : \";\n report_str2 = \"Fixed version : \";\n }\n}\n\nbuild = get_kb_item_or_exit(entry);\nversion = get_kb_item_or_exit(kb_base + 'version');\n\ndisp_version = version + \" (\" + build + \")\";\n\n# fix : NSM version 2012.1 or later\nitem = eregmatch(pattern:\"^([0-9.]+)\", string:version);\n\n# NSM version 2011.4s3 or later (less than build (LGB16z1c17)\nif (!isnull(item))\n{\n if (\n ver_compare(ver:item[1], fix:'2011.4', strict:FALSE) == -1 ||\n version =~ 
\"^2011.4([sS][1-2])?$\"\n )\n {\n report += '\\n ' + report_str1 + disp_version +\n '\\n ' + report_str2 + '2011.4s3 or 2012.1' + '\\n';\n }\n}\n\nif (report == '') audit(AUDIT_INST_VER_NOT_VULN, \"Juniper NSM GUI Server or Device Server\");\n\nif (report_verbosity > 0) security_warning(extra:report, port:port);\nelse security_warning(port);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:48", "description": "The Linux kernel is prone to a security weakness related to TCP sequence number generation. Attackers can exploit this issue to inject arbitrary packets into TCP sessions using a brute-force attack.\n\nAn attacker may use this vulnerability to create a denial of service condition or a man-in-the-middle attack.\n\nNote that this plugin may fire as a result of a network device (such as a load balancer, VPN, IPS, transparent proxy, etc.) that is vulnerable and that re-writes TCP sequence numbers, rather than the host itself being vulnerable.", "cvss3": {"score": null, "vector": null}, "published": "2011-09-23T00:00:00", "type": "nessus", "title": "Linux Kernel TCP Sequence Number Generation Security Weakness", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188"], "modified": "2019-03-06T00:00:00", "cpe": [], "id": "LINUX_ISN.NASL", "href": "https://www.tenable.com/plugins/nessus/56283", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56283);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/03/06 18:38:55\");\n\n script_cve_id(\"CVE-2011-3188\");\n script_bugtraq_id(49289);\n\n script_name(english:\"Linux Kernel TCP Sequence Number Generation Security Weakness\");\n script_summary(english:\"Checks for predictable TCP Sequence Numbers generated by the Linux kernel\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"It may be possible to predict TCP/IP Initial Sequence Numbers for the\nremote host.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The Linux kernel is prone to a security weakness related to TCP\nsequence number generation. Attackers can exploit this issue to inject\narbitrary packets into TCP sessions using a brute-force attack.\n\nAn attacker may use this vulnerability to create a denial of service\ncondition or a man-in-the-middle attack.\n\nNote that this plugin may fire as a result of a network device (such\nas a load balancer, VPN, IPS, transparent proxy, etc.) that is\nvulnerable and that re-writes TCP sequence numbers, rather than the\nhost itself being vulnerable.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lwn.net/Articles/455135/\");\n # https://github.com/torvalds/linux/commit/6e5714eaf77d79ae1c8b47e3e040ff5411b717ec\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?62a845fa\");\n script_set_attribute(attribute:\"solution\", value:\"Contact the OS vendor for a Linux kernel update / patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/23\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"General\");\n\n script_require_keys(\"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\n\nif (report_paranoia < 2) 
audit(AUDIT_PARANOID);\n\nif ( TARGET_IS_IPV6 ) exit(1, \"This check is not implemented for IPv6 hosts.\");\n\nMAX_RETRIES = 5;\nPROBES = 100;\n\n# Send a probe to a specific port (and from a specific port), and return the\n# sequence number.\nfunction probe(dport, sport)\n{\n local_var flags, ip, tcp, filter, i, rep;\n\n ip = forge_ip_packet(ip_hl : 5,\n ip_v : 4,\n ip_tos : 0,\n ip_len : 20,\n ip_id : 31338,\n ip_off : 0,\n ip_ttl : 64,\n ip_p : IPPROTO_TCP,\n ip_src : compat::this_host()\n );\n\n tcp = forge_tcp_packet(ip : ip,\n th_sport : sport,\n th_dport : dport,\n th_flags : TH_SYN,\n th_seq : 0,\n th_ack : 0,\n th_x2 : 0,\n th_off : 5,\n th_win : 8192,\n th_urp : 0\n );\n\n # Note: these ports look backwards because we're capturing the response\n filter = \"tcp and src host \" + get_host_ip() + \" and src port \" + dport + \" and dst port \" + sport;\n for (i = 0; i < MAX_RETRIES; i++ )\n {\n rep = send_packet(tcp, pcap_active:TRUE, pcap_filter:filter, pcap_timeout:1);\n if(rep) break;\n }\n\n if (!rep) exit(1, \"Didn't receive a response to the probes.\");\n\n flags = get_tcp_element(tcp:rep, element:\"th_flags\");\n if(flags != (TH_SYN|TH_ACK)) exit(1, \"The host didn't respond to our probe with SYN/ACK.\");\n\n return get_tcp_element(tcp:rep, element:\"th_seq\");\n}\n\n# Calculate the average in the given list\nfunction average(list)\n{\n local_var total, i, x;\n\n total = bn_dec2raw(0);\n for(i = 0; i < max_index(list); i++)\n {\n # To get rid of signs, we halve it then double it\n x = bn_dec2raw((list[i] >> 1) & 0x7FFFFFFF);\n x = bn_add(x, x);\n total = bn_add(total, x);\n }\n\n return bn_raw2dec(bn_div(total, bn_dec2raw(max_index(list))));\n}\n\n# Calculate the variance in the list of values\nfunction variance(list)\n{\n local_var average, total, i;\n\n average = bn_dec2raw(average(list:list));\n total = bn_dec2raw(0);\n\n for(i = 0; i < max_index(list); i++)\n total = bn_add(total, bn_sqr(bn_dec2raw(list[i]) - average));\n total = bn_div(total, 
max_index(list));\n\n return bn_raw2dec(total);\n}\n\n# Get an open port\nport = get_host_open_port();\nif (isnull(port) || !port) exit(1, \"Couldn't find an open port to check.\");\n\n# Get a sample of sequence numbers and the delta values\nseqs = make_list();\ndeltas = make_list();\nfor(i = 0; i < PROBES; i++)\n{\n seqs[i] = probe(dport:port, sport:(rand() % (65535 - 1024)) + 1024);\n if(i > 0)\n {\n deltas[i - 1] = seqs[i] - seqs[i - 1];\n }\n}\n\nv = variance(list:deltas);\nif(strlen(v) < 11) exit(1, \"The server had an unexpectedly low variance in sequence numbers, likely due to other sequence-number issues.\");\nelse if(strlen(v) < 15) security_warning(0);\nelse exit(0, \"The host does not appear to be affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:59:39", "description": "It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. 
(CVE-2011-1080)\n\nJohan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180)\n\nRyan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478)\n\nIt was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. 
A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577)\n\nPhil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581)\n\nIt was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768)\n\nBen Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771)\n\nTimo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833)\n\nBen Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges. 
(CVE-2011-2182)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nIt was discovered that an mmap() call with the MAP_PRIVATE flag on '/dev/zero' was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service.\n(CVE-2011-2479)\n\nVasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy.\n(CVE-2011-2492)\n\nSami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493)\n\nRobert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689)\n\nIt was discovered that the EXT4 filesystem contained multiple off-by-one flaws. 
A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723)\n\nThe performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918)\n\nTimo Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nQianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service.\n(CVE-2011-2942)\n\nDan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled certain large values. A remote attacker with a malicious server could exploit this to crash the system or possibly execute arbitrary code as the root user. (CVE-2011-3191)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. 
(CVE-2011-3209)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363)\n\nA flaw was discovered in the Linux kernel's AppArmor security interface when invalid information was written to it. An unprivileged local user could use this to cause a denial of service on the system.\n(CVE-2011-3619)\n\nA flaw was found in the Linux kernel's /proc/*/*map* interface. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-3637)\n\nScot Doyle discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-4087)\n\nA bug was found in the way headroom check was performed in udp6_ufo_fragment() function. A remote attacker could use this flaw to crash the system. (CVE-2011-4326)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP) layer. A local user or a remote user on an X.25 network could exploit these flaws to execute arbitrary code as root. (CVE-2011-4914).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2011-11-10T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2010-4250", "CVE-2011-1020", "CVE-2011-1078", "CVE-2011-1079", "CVE-2011-1080", "CVE-2011-1093", "CVE-2011-1160", "CVE-2011-1180", "CVE-2011-1478", "CVE-2011-1479", "CVE-2011-1493", "CVE-2011-1573", "CVE-2011-1576", "CVE-2011-1577", "CVE-2011-1581", "CVE-2011-1585", "CVE-2011-1767", "CVE-2011-1768", "CVE-2011-1771", "CVE-2011-1776", "CVE-2011-1833", "CVE-2011-2182", "CVE-2011-2183", "CVE-2011-2213", "CVE-2011-2479", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2492", "CVE-2011-2493", "CVE-2011-2494", "CVE-2011-2495", "CVE-2011-2496", "CVE-2011-2497", "CVE-2011-2517", "CVE-2011-2525", "CVE-2011-2689", "CVE-2011-2695", "CVE-2011-2699", "CVE-2011-2700", "CVE-2011-2723", "CVE-2011-2905", "CVE-2011-2909", "CVE-2011-2918", "CVE-2011-2928", "CVE-2011-2942", "CVE-2011-3188", "CVE-2011-3191", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-3619", "CVE-2011-3637", "CVE-2011-4087", "CVE-2011-4326", "CVE-2011-4914"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts"], "id": "UBUNTU_USN-1256-1.NASL", "href": "https://www.tenable.com/plugins/nessus/56768", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1256-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56768);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2010-4250\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1478\", \"CVE-2011-1479\", \"CVE-2011-1493\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1771\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2182\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2479\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2493\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-2942\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3363\", \"CVE-2011-3619\", \"CVE-2011-3637\", \"CVE-2011-4087\", \"CVE-2011-4326\", \"CVE-2011-4914\");\n script_bugtraq_id(46567, 46616, 46793, 46866, 46935, 46980, 47056, 47296, 47308, 47321, 47343, 47381, 47768, 47796, 47852, 47853, 47926, 48101, 48333, 48347, 48383, 48441, 48472, 48538, 48641, 48677, 48697, 48802, 48804, 48907, 48929, 49108, 49140, 49141, 49408, 49411, 50314);\n script_xref(name:\"USN\", value:\"1256-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1256-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the 
/proc filesystem did not correctly handle\npermission changes when programs executed. A local attacker could hold\nopen files to examine details about programs running with higher\nprivileges, potentially increasing the chances of exploiting\nadditional vulnerabilities. (CVE-2011-1020)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\nclear memory. A local attacker could exploit this to read kernel stack\nmemory, leading to a loss of privacy. (CVE-2011-1078)\n\nVasiliy Kulikov discovered that the Bluetooth stack did not correctly\ncheck that device name strings were NULL terminated. A local attacker\ncould exploit this to crash the system, leading to a denial of\nservice, or leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1079)\n\nVasiliy Kulikov discovered that bridge network filtering did not check\nthat name fields were NULL terminated. A local attacker could exploit\nthis to leak contents of kernel stack memory, leading to a loss of\nprivacy. (CVE-2011-1080)\n\nJohan Hovold discovered that the DCCP network stack did not correctly\nhandle certain packet combinations. A remote attacker could send\nspecially crafted network traffic that would crash the system, leading\nto a denial of service. (CVE-2011-1093)\n\nPeter Huewe discovered that the TPM device did not correctly\ninitialize memory. A local attacker could exploit this to read kernel\nheap memory contents, leading to a loss of privacy. (CVE-2011-1160)\n\nDan Rosenberg discovered that the IRDA subsystem did not correctly\ncheck certain field sizes. If a system was using IRDA, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-1180)\n\nRyan Sweat discovered that the GRO code did not correctly validate\nmemory. In some configurations on systems using VLANs, a remote\nattacker could send specially crafted traffic to crash the system,\nleading to a denial of service. 
(CVE-2011-1478)\n\nIt was discovered that the security fix for CVE-2010-4250 introduced a\nregression. A remote attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-1479)\n\nDan Rosenberg discovered that the X.25 Rose network stack did not\ncorrectly handle certain fields. If a system was running with Rose\nenabled, a remote attacker could send specially crafted traffic to\ngain root privileges. (CVE-2011-1493)\n\nIt was discovered that the Stream Control Transmission Protocol (SCTP)\nimplementation incorrectly calculated lengths. If the\nnet.sctp.addip_enable variable was turned on, a remote attacker could\nsend specially crafted traffic to crash the system. (CVE-2011-1573)\n\nRyan Sweat discovered that the kernel incorrectly handled certain VLAN\npackets. On some systems, a remote attacker could send specially\ncrafted traffic to crash the system, leading to a denial of service.\n(CVE-2011-1576)\n\nTimo Warns discovered that the GUID partition parsing routines did not\ncorrectly validate certain structures. A local attacker with physical\naccess could plug in a specially crafted block device to crash the\nsystem, leading to a denial of service. (CVE-2011-1577)\n\nPhil Oester discovered that the network bonding system did not\ncorrectly handle large queues. On some systems, a remote attacker\ncould send specially crafted traffic to crash the system, leading to a\ndenial of service. (CVE-2011-1581)\n\nIt was discovered that CIFS incorrectly handled authentication. When a\nuser had a CIFS share mounted that required authentication, a local\nuser could mount the same share without knowing the correct password.\n(CVE-2011-1585)\n\nIt was discovered that the GRE protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ip_gre\nmodule was loading, and crash the system, leading to a denial of\nservice. 
(CVE-2011-1767)\n\nIt was discovered that the IP/IP protocol incorrectly handled netns\ninitialization. A remote attacker could send a packet while the ipip\nmodule was loading, and crash the system, leading to a denial of\nservice. (CVE-2011-1768)\n\nBen Greear discovered that CIFS did not correctly handle direct I/O. A\nlocal attacker with access to a CIFS partition could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-1771)\n\nTimo Warns discovered that the EFI GUID partition table was not\ncorrectly parsed. A physically local attacker that could insert\nmountable devices could exploit this to crash the system or possibly\ngain root privileges. (CVE-2011-1776)\n\nVasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\ncorrectly check the origin of mount points. A local attacker could\nexploit this to trick the system into unmounting arbitrary mount\npoints, leading to a denial of service. (CVE-2011-1833)\n\nBen Hutchings reported a flaw in the kernel's handling of corrupt LDM\npartitions. A local user could exploit this to cause a denial of\nservice or escalate privileges. (CVE-2011-2182)\n\nDan Rosenberg discovered that the IPv4 diagnostic routines did not\ncorrectly validate certain requests. A local attacker could exploit\nthis to consume CPU resources, leading to a denial of service.\n(CVE-2011-2213)\n\nIt was discovered that an mmap() call with the MAP_PRIVATE flag on\n'/dev/zero' was incorrectly handled. A local attacker could exploit\nthis to crash the system, leading to a denial of service.\n(CVE-2011-2479)\n\nVasiliy Kulikov discovered that taskstats listeners were not correctly\nhandled. A local attacker could exploit this to exhaust memory and CPU\nresources, leading to a denial of service. (CVE-2011-2484)\n\nIt was discovered that Bluetooth l2cap and rfcomm did not correctly\ninitialize structures. 
A local attacker could exploit this to read\nportions of the kernel stack, leading to a loss of privacy.\n(CVE-2011-2492)\n\nSami Liedes discovered that ext4 did not correctly handle missing root\ninodes. A local attacker could trigger the mount of a specially\ncrafted filesystem to cause the system to crash, leading to a denial\nof service. (CVE-2011-2493)\n\nRobert Swiecki discovered that mapping extensions were incorrectly\nhandled. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2496)\n\nDan Rosenberg discovered that the Bluetooth stack incorrectly handled\ncertain L2CAP requests. If a system was using Bluetooth, a remote\nattacker could send specially crafted traffic to crash the system or\ngain root privileges. (CVE-2011-2497)\n\nBen Pfaff discovered that Classless Queuing Disciplines (qdiscs) were\nbeing incorrectly handled. A local attacker could exploit this to\ncrash the system, leading to a denial of service. (CVE-2011-2525)\n\nIt was discovered that GFS2 did not correctly check block sizes. A\nlocal attacker could exploit this to crash the system, leading to a\ndenial of service. (CVE-2011-2689)\n\nIt was discovered that the EXT4 filesystem contained multiple\noff-by-one flaws. A local attacker could exploit this to crash the\nsystem, leading to a denial of service. (CVE-2011-2695)\n\nFernando Gont discovered that the IPv6 stack used predictable fragment\nidentification numbers. A remote attacker could exploit this to\nexhaust network resources, leading to a denial of service.\n(CVE-2011-2699)\n\nMauro Carvalho Chehab discovered that the si4713 radio driver did not\ncorrectly check the length of memory copies. If this hardware was\navailable, a local attacker could exploit this to crash the system or\ngain root privileges. 
(CVE-2011-2700)\n\nHerbert Xu discovered that certain fields were incorrectly handled\nwhen Generic Receive Offload (CVE-2011-2723)\n\nThe performance counter subsystem did not correctly handle certain\ncounters. A local attacker could exploit this to crash the system,\nleading to a denial of service. (CVE-2011-2918)\n\nTimo Warns discovered that long symlinks were incorrectly handled on\nBe filesystems. A local attacker could exploit this with a malformed\nBe filesystem and crash the system, leading to a denial of service.\n(CVE-2011-2928)\n\nQianfeng Zhang discovered that the bridge networking interface\nincorrectly handled certain network packets. A remote attacker could\nexploit this to crash the system, leading to a denial of service.\n(CVE-2011-2942)\n\nDan Kaminsky discovered that the kernel incorrectly handled random\nsequence number generation. An attacker could use this flaw to\npossibly predict sequence numbers and inject packets. (CVE-2011-3188)\n\nDarren Lavender discovered that the CIFS client incorrectly handled\ncertain large values. A remote attacker with a malicious server could\nexploit this to crash the system or possibly execute arbitrary code as\nthe root user. (CVE-2011-3191)\n\nYasuaki Ishimatsu discovered a flaw in the kernel's clock\nimplementation. A local unprivileged attacker could exploit this\ncausing a denial of service. (CVE-2011-3209)\n\nYogesh Sharma discovered that CIFS did not correctly handle UNCs that\nhad no prefixpaths. A local attacker with access to a CIFS partition\ncould exploit this to crash the system, leading to a denial of\nservice. (CVE-2011-3363)\n\nA flaw was discovered in the Linux kernel's AppArmor security\ninterface when invalid information was written to it. An unprivileged\nlocal user could use this to cause a denial of service on the system.\n(CVE-2011-3619)\n\nA flaw was found in the Linux kernel's /proc/*/*map* interface. A\nlocal, unprivileged user could exploit this flaw to cause a denial of\nservice. 
(CVE-2011-3637)\n\nScot Doyle discovered that the bridge networking interface incorrectly\nhandled certain network packets. A remote attacker could exploit this\nto crash the system, leading to a denial of service. (CVE-2011-4087)\n\nA bug was found in the way headroom check was performed in\nudp6_ufo_fragment() function. A remote attacker could use this flaw to\ncrash the system. (CVE-2011-4326)\n\nBen Hutchings discovered several flaws in the Linux Rose (X.25 PLP)\nlayer. A local user or a remote user on an X.25 network could exploit\nthese flaws to execute arbitrary code as root. (CVE-2011-4914).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1256-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2010-4250\", \"CVE-2011-1020\", \"CVE-2011-1078\", \"CVE-2011-1079\", \"CVE-2011-1080\", \"CVE-2011-1093\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1478\", \"CVE-2011-1479\", \"CVE-2011-1493\", \"CVE-2011-1573\", \"CVE-2011-1576\", \"CVE-2011-1577\", \"CVE-2011-1581\", \"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-1771\", \"CVE-2011-1776\", \"CVE-2011-1833\", \"CVE-2011-2182\", \"CVE-2011-2183\", \"CVE-2011-2213\", \"CVE-2011-2479\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2492\", \"CVE-2011-2493\", \"CVE-2011-2494\", \"CVE-2011-2495\", \"CVE-2011-2496\", \"CVE-2011-2497\", \"CVE-2011-2517\", \"CVE-2011-2525\", \"CVE-2011-2689\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2905\", \"CVE-2011-2909\", \"CVE-2011-2918\", \"CVE-2011-2928\", \"CVE-2011-2942\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3363\", \"CVE-2011-3619\", \"CVE-2011-3637\", \"CVE-2011-4087\", \"CVE-2011-4326\", \"CVE-2011-4914\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1256-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-12-generic\", pkgver:\"2.6.38-12.51~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-12-generic-pae\", pkgver:\"2.6.38-12.51~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.38-12-server\", pkgver:\"2.6.38-12.51~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", 
pkgname:\"linux-image-2.6.38-12-virtual\", pkgver:\"2.6.38-12.51~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-generic / linux-image-2.6-generic-pae / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:49:30", "description": "The openSUSE 11.3 kernel was updated to 2.6.34.10 to fix various bugs and security issues.\n\nFollowing security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar.\n\nCVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.\n\nCVE-2011-2491: A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance.\n\nCVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow.\nHowever, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition.\n\nCVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.\n\nCVE-2011-1479: A regression in inotify fix for a memory leak could lead to a double free corruption which could crash the system.\n\nCVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause 
a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.\n\nCVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.\n\nCVE-2011-1585: When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users.\n\nCVE-2011-1160: Kernel information via the TPM devices could be used by local attackers to read kernel memory.\n\nCVE-2011-1577: The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code.\n\nCVE-2011-1180: In the IrDA module, length fields provided by a peer for names and attributes may be longer than the destination array sizes and were not checked, this allowed local attackers (close to the irda port) to potentially corrupt memory.\n\nCVE-2011-1016: The Radeon GPU drivers in the Linux kernel did not properly validate data related to the AA resolve registers, which allowed local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.\n\nCVE-2011-1013: A signedness issue in the drm ioctl handling could be used by local attackers to potentially overflow kernel buffers and execute code.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : kernel (openSUSE-SU-2011:0861-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1013", "CVE-2011-1016", "CVE-2011-1017", 
"CVE-2011-1020", "CVE-2011-1160", "CVE-2011-1180", "CVE-2011-1479", "CVE-2011-1577", "CVE-2011-1585", "CVE-2011-1593", "CVE-2011-2182", "CVE-2011-2484", "CVE-2011-2491", "CVE-2011-2495", "CVE-2011-2496"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-extra", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vmi", "p-cpe:/a:novell:opensuse:kernel-vmi-base", "p-cpe:/a:novell:opensuse:kernel-vmi-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:preload-kmp-default", "p-cpe:/a:novell:opensuse:preload-kmp-desktop", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_KERNEL-110726.NASL", "href": "https://www.tenable.com/plugins/nessus/75555", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and 
package checks in this plugin were\n# extracted from openSUSE Security Update kernel-4931.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75555);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1013\", \"CVE-2011-1016\", \"CVE-2011-1017\", \"CVE-2011-1020\", \"CVE-2011-1160\", \"CVE-2011-1180\", \"CVE-2011-1479\", \"CVE-2011-1577\", \"CVE-2011-1585\", \"CVE-2011-1593\", \"CVE-2011-2182\", \"CVE-2011-2484\", \"CVE-2011-2491\", \"CVE-2011-2495\", \"CVE-2011-2496\");\n\n script_name(english:\"openSUSE Security Update : kernel (openSUSE-SU-2011:0861-1)\");\n script_summary(english:\"Check for the kernel-4931 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 11.3 kernel was updated to 2.6.34.10 to fix various bugs\nand security issues.\n\nFollowing security issues have been fixed: CVE-2011-2495: The\n/proc/PID/io interface could be used by local attackers to gain\ninformation on other processes like number of password characters\ntyped or similar.\n\nCVE-2011-2484: The add_del_listener function in kernel/taskstats.c in\nthe Linux kernel did not prevent multiple registrations of exit\nhandlers, which allowed local users to cause a denial of service\n(memory and CPU consumption), and bypass the OOM Killer, via a crafted\napplication.\n\nCVE-2011-2491: A local unprivileged user able to access a NFS\nfilesystem could use file locking to deadlock parts of an nfs server\nunder some circumstance.\n\nCVE-2011-2496: The normal mmap paths all avoid creating a mapping\nwhere the pgoff inside the mapping could wrap around due to overflow.\nHowever, an expanding mremap() can take such a non-wrapping mapping\nand make 
it bigger and cause a wrapping condition.\n\nCVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions\n(in fs/partitions/ldm.c) contained bugs that could crash the kernel\nfor certain corrupted LDM partitions.\n\nCVE-2011-1479: A regression in inotify fix for a memory leak could\nlead to a double free corruption which could crash the system.\n\nCVE-2011-1593: Multiple integer overflows in the next_pidmap function\nin kernel/pid.c in the Linux kernel allowed local users to cause a\ndenial of service (system crash) via a crafted (1) getdents or (2)\nreaddir system call.\n\nCVE-2011-1020: The proc filesystem implementation in the Linux kernel\ndid not restrict access to the /proc directory tree of a process after\nthis process performs an exec of a setuid program, which allowed local\nusers to obtain sensitive information or cause a denial of service via\nopen, lseek, read, and write system calls.\n\nCVE-2011-1585: When using a setuid root mount.cifs, local users could\nhijack password protected mounted CIFS shares of other local users.\n\nCVE-2011-1160: Kernel information via the TPM devices could be used by\nlocal attackers to read kernel memory.\n\nCVE-2011-1577: The Linux kernel automatically evaluated partition\ntables of storage devices. 
The code for evaluating EFI GUID partitions\n(in fs/partitions/efi.c) contained a bug that causes a kernel oops on\ncertain corrupted GUID partition tables, which might be used by local\nattackers to crash the kernel or potentially execute code.\n\nCVE-2011-1180: In the IrDA module, length fields provided by a peer\nfor names and attributes may be longer than the destination array\nsizes and were not checked, this allowed local attackers (close to the\nirda port) to potentially corrupt memory.\n\nCVE-2011-1016: The Radeon GPU drivers in the Linux kernel did not\nproperly validate data related to the AA resolve registers, which\nallowed local users to write to arbitrary memory locations associated\nwith (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table\n(GTT) via crafted values.\n\nCVE-2011-1013: A signedness issue in the drm ioctl handling could be\nused by local attackers to potentially overflow kernel buffers and\nexecute code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=584493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=595586\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=655693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=669937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=670860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=670868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=673934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=674982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=676419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=677827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=679898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=680040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=681497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=683282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=687113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=688432\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=689414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=692502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693374\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=693382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=698247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=702285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vmi-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:preload-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-base-2.6.34.10-0.2.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE11.3\", reference:\"kernel-debug-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-default-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-desktop-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-ec2-extra-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-pae-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-source-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-source-vanilla-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-syms-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-trace-devel-2.6.34.10-0.2.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vanilla-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-vmi-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-base-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"kernel-xen-devel-2.6.34.10-0.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"preload-kmp-default-1.1_k2.6.34.10_0.2-19.1.24\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"preload-kmp-desktop-1.1_k2.6.34.10_0.2-19.1.24\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-08-01T16:17:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:1386-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2942", "CVE-2011-3131", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1160", "CVE-2009-4067", "CVE-2011-3347", "CVE-2011-2699", "CVE-2011-2484", "CVE-2011-3209", "CVE-2011-1833", "CVE-2011-2695", "CVE-2011-3191", "CVE-2011-1585", "CVE-2011-2496"], "modified": 
"2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870504", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870504", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:1386-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00014.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870504\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:1386-01\");\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\",\n \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\",\n \"CVE-2011-2723\", 
\"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\",\n \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\");\n script_name(\"RedHat Update for kernel RHSA-2011:1386-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n\n * The maximum file offset handling for ext4 file systems could allow a\n local, unprivileged user to cause a denial of service. (CVE-2011-2695,\n Important)\n\n * IPv6 fragment identification value generation could allow a remote\n attacker to disrupt a target system's networking, preventing legitimate\n users from accessing its services. (CVE-2011-2699, Important)\n\n * A malicious CIFS (Common Internet File System) server could send a\n specially-crafted response to a directory read request that would result in\n a denial of service or privilege escalation on a system that has a CIFS\n share mounted. (CVE-2011-3191, Important)\n\n * A local attacker could use mount.ecryptfs_private to mount (and then\n access) a directory they would otherwise not have access to. Note: To\n correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also be\n installed. (CVE-2011-1833, Moderate)\n\n * A flaw in the taskstats subsystem could allow a local, unprivileged user\n to cause excessive CPU time and memory use. 
(CVE-2011-2484, Moderate)\n\n * Mapping expansion handling could allow a local, unprivileged user to\n cause a denial of service. (CVE-2011-2496, Moderate)\n\n * GRO (Generic Receive Offload) fields could be left in an inconsistent\n state. An attacker on the local network could use this flaw to cause a\n denial of service. GRO is enabled by default in all network drivers that\n support it. (CVE-2011-2723, Moderate)\n\n * RHSA-2011:1065 introduced a regression in the Ethernet bridge\n implementation. If a system had an interface in a bridge, and an attacker\n on the local network could send packets to that interface, they could cause\n a denial of service on that system. Xen hypervisor and KVM (Kernel-based\n Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942,\n Moderate)\n\n * A flaw in the Xen hypervisor IOMMU error handling implementation could\n allow a privileged guest user, within a guest operating system that has\n direct control of a PCI device, to cause performance degradation on the\n host and possibly cause it to hang. (CVE-2011-3131, Moderate)\n\n * IPv4 and IPv6 protocol sequence number and fragment ID generation could\n allow a man-in-the-middle attacker to inject packets and possibly hijack\n connections. 
Protocol sequence number and fragment IDs are now more random.\n (CVE-2011-3188, Moderate)\n\n * A flaw in the kernel's clock implementation could allow a local,\n unprivileged user to cause a denial of se ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T16:05:04", "description": "Oracle Linux Local Security Checks ELSA-2011-1386", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2942", "CVE-2011-3131", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1160", "CVE-2009-4067", "CVE-2011-3347", "CVE-2011-2699", "CVE-2011-2484", "CVE-2011-3209", "CVE-2011-1833", "CVE-2011-2695", "CVE-2011-3191", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122066", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122066", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1386.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122066\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:30 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1386\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1386 - kernel security, bug fix, and enhancement update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1386\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1386.html\");\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2723\", \"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.7.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.7.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.7.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.7.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.7.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.7.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.7.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.7.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.7.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.7.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~274.7.1.0.1.el5~1.4.9~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~274.7.1.0.1.el5PAE~1.4.9~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~274.7.1.0.1.el5debug~1.4.9~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~274.7.1.0.1.el5xen~1.4.9~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~274.7.1.0.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", 
rpm:\"oracleasm~2.6.18~274.7.1.0.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~274.7.1.0.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~274.7.1.0.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:58:18", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:1386 centos5 x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2942", "CVE-2011-3131", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1160", "CVE-2009-4067", "CVE-2011-3347", "CVE-2011-2699", "CVE-2011-2484", "CVE-2011-3209", "CVE-2011-1833", "CVE-2011-2695", "CVE-2011-3191", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2018-01-02T00:00:00", "id": "OPENVAS:881406", "href": "http://plugins.openvas.org/nasl.php?oid=881406", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:1386 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n \n * The maximum file offset handling for ext4 file systems could allow a\n local, unprivileged user to cause a denial of service. (CVE-2011-2695,\n Important)\n \n * IPv6 fragment identification value generation could allow a remote\n attacker to disrupt a target system's networking, preventing legitimate\n users from accessing its services. (CVE-2011-2699, Important)\n \n * A malicious CIFS (Common Internet File System) server could send a\n specially-crafted response to a directory read request that would result in\n a denial of service or privilege escalation on a system that has a CIFS\n share mounted. (CVE-2011-3191, Important)\n \n * A local attacker could use mount.ecryptfs_private to mount (and then\n access) a directory they would otherwise not have access to. Note: To\n correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also be\n installed. (CVE-2011-1833, Moderate)\n \n * A flaw in the taskstats subsystem could allow a local, unprivileged user\n to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)\n \n * Mapping expansion handling could allow a local, unprivileged user to\n cause a denial of service. (CVE-2011-2496, Moderate)\n \n * GRO (Generic Receive Offload) fields could be left in an inconsistent\n state. An attacker on the local network could use this flaw to cause a\n denial of service. GRO is enabled by default in all network drivers that\n support it. 
(CVE-2011-2723, Moderate)\n \n * RHSA-2011:1065 introduced a regression in the Ethernet bridge\n implementation. If a system had an interface in a bridge, and an attacker\n on the local network could send packets to that interface, they could cause\n a denial of service on that system. Xen hypervisor and KVM (Kernel-based\n Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942,\n Moderate)\n \n * A flaw in the Xen hypervisor IOMMU error handling implementation could\n allow a privileged guest user, within a guest operating system that has\n direct control of a PCI device, to cause performance degradation on the\n host and possibly cause it to hang. (CVE-2011-3131, Moderate)\n \n * IPv4 and IPv6 protocol sequence number and fragment ID generation could\n allow a man-in-the-middle attacker to inject packets and possibly hijack\n connections. Protocol sequence number and fragment IDs are now more random.\n (CVE-2011-3188, Moderate)\n \n * A flaw in the kernel's clock implementation could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-3209, Moderat ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-October/018127.html\");\n script_id(881406);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:46:47 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\",\n \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\",\n \"CVE-2011-2723\", \"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\",\n \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1386\");\n script_name(\"CentOS Update for kernel CESA-2011:1386 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:14", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:1386-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2942", "CVE-2011-3131", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1160", "CVE-2009-4067", "CVE-2011-3347", "CVE-2011-2699", "CVE-2011-2484", "CVE-2011-3209", "CVE-2011-1833", "CVE-2011-2695", "CVE-2011-3191", "CVE-2011-1585", "CVE-2011-2496"], "modified": 
"2017-07-12T00:00:00", "id": "OPENVAS:870504", "href": "http://plugins.openvas.org/nasl.php?oid=870504", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:1386-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n \n * The maximum file offset handling for ext4 file systems could allow a\n local, unprivileged user to cause a denial of service. (CVE-2011-2695,\n Important)\n \n * IPv6 fragment identification value generation could allow a remote\n attacker to disrupt a target system's networking, preventing legitimate\n users from accessing its services. (CVE-2011-2699, Important)\n \n * A malicious CIFS (Common Internet File System) server could send a\n specially-crafted response to a directory read request that would result in\n a denial of service or privilege escalation on a system that has a CIFS\n share mounted. 
(CVE-2011-3191, Important)\n \n * A local attacker could use mount.ecryptfs_private to mount (and then\n access) a directory they would otherwise not have access to. Note: To\n correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also be\n installed. (CVE-2011-1833, Moderate)\n \n * A flaw in the taskstats subsystem could allow a local, unprivileged user\n to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)\n \n * Mapping expansion handling could allow a local, unprivileged user to\n cause a denial of service. (CVE-2011-2496, Moderate)\n \n * GRO (Generic Receive Offload) fields could be left in an inconsistent\n state. An attacker on the local network could use this flaw to cause a\n denial of service. GRO is enabled by default in all network drivers that\n support it. (CVE-2011-2723, Moderate)\n \n * RHSA-2011:1065 introduced a regression in the Ethernet bridge\n implementation. If a system had an interface in a bridge, and an attacker\n on the local network could send packets to that interface, they could cause\n a denial of service on that system. Xen hypervisor and KVM (Kernel-based\n Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942,\n Moderate)\n \n * A flaw in the Xen hypervisor IOMMU error handling implementation could\n allow a privileged guest user, within a guest operating system that has\n direct control of a PCI device, to cause performance degradation on the\n host and possibly cause it to hang. (CVE-2011-3131, Moderate)\n \n * IPv4 and IPv6 protocol sequence number and fragment ID generation could\n allow a man-in-the-middle attacker to inject packets and possibly hijack\n connections. Protocol sequence number and fragment IDs are now more random.\n (CVE-2011-3188, Moderate)\n \n * A flaw in the kernel's clock implementation could allow a local,\n unprivileged user to cause a denial of se ... 
\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00014.html\");\n script_id(870504);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:1386-01\");\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\",\n \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\",\n \"CVE-2011-2723\", \"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\",\n \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\");\n script_name(\"RedHat Update for kernel RHSA-2011:1386-01\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.7.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:15:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:1386 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2942", "CVE-2011-3131", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1160", "CVE-2009-4067", "CVE-2011-3347", "CVE-2011-2699", "CVE-2011-2484", "CVE-2011-3209", "CVE-2011-1833", "CVE-2011-2695", "CVE-2011-3191", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881021", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881021", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:1386 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-October/018128.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881021\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1386\");\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\",\n \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\",\n \"CVE-2011-2723\", \"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\",\n \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\");\n script_name(\"CentOS Update for kernel CESA-2011:1386 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n 
script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n\n * The maximum file offset handling for ext4 file systems could allow a\n local, unprivileged user to cause a denial of service. (CVE-2011-2695,\n Important)\n\n * IPv6 fragment identification value generation could allow a remote\n attacker to disrupt a target system's networking, preventing legitimate\n users from accessing its services. (CVE-2011-2699, Important)\n\n * A malicious CIFS (Common Internet File System) server could send a\n specially-crafted response to a directory read request that would result in\n a denial of service or privilege escalation on a system that has a CIFS\n share mounted. (CVE-2011-3191, Important)\n\n * A local attacker could use mount.ecryptfs_private to mount (and then\n access) a directory they would otherwise not have access to. Note: To\n correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also be\n installed. (CVE-2011-1833, Moderate)\n\n * A flaw in the taskstats subsystem could allow a local, unprivileged user\n to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)\n\n * Mapping expansion handling could allow a local, unprivileged user to\n cause a denial of service. (CVE-2011-2496, Moderate)\n\n * GRO (Generic Receive Offload) fields could be left in an inconsistent\n state. An attacker on the local network could use this flaw to cause a\n denial of service. GRO is enabled by default in all network drivers that\n support it. (CVE-2011-2723, Moderate)\n\n * RHSA-2011:1065 introduced a regression in the Ethernet bridge\n implementation. If a system had an interface in a bridge, and an attacker\n on the local network could send packets to that interface, they could cause\n a denial of service on that system. Xen hypervisor and KVM (Kernel-based\n Virtual Machine) hosts often deploy bridge interfaces. 
(CVE-2011-2942,\n Moderate)\n\n * A flaw in the Xen hypervisor IOMMU error handling implementation could\n allow a privileged guest user, within a guest operating system that has\n direct control of a PCI device, to cause performance degradation on the\n host and possibly cause it to hang. (CVE-2011-3131, Moderate)\n\n * IPv4 and IPv6 protocol sequence number and fragment ID generation could\n allow a man-in-the-middle attacker to inject packets and possibly hijack\n connections. Protocol sequence number and fragment IDs are now more random.\n (CVE-2011-3188, Moderate)\n\n * A flaw in the kernel's clock implementation could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-3209, Moderat ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:24", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2011-10-21T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:1386 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2942", "CVE-2011-3131", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1160", "CVE-2009-4067", "CVE-2011-3347", "CVE-2011-2699", "CVE-2011-2484", "CVE-2011-3209", "CVE-2011-1833", "CVE-2011-2695", "CVE-2011-3191", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:881021", "href": "http://plugins.openvas.org/nasl.php?oid=881021", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:1386 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it 
under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n \n * The maximum file offset handling for ext4 file systems could allow a\n local, unprivileged user to cause a denial of service. (CVE-2011-2695,\n Important)\n \n * IPv6 fragment identification value generation could allow a remote\n attacker to disrupt a target system's networking, preventing legitimate\n users from accessing its services. (CVE-2011-2699, Important)\n \n * A malicious CIFS (Common Internet File System) server could send a\n specially-crafted response to a directory read request that would result in\n a denial of service or privilege escalation on a system that has a CIFS\n share mounted. (CVE-2011-3191, Important)\n \n * A local attacker could use mount.ecryptfs_private to mount (and then\n access) a directory they would otherwise not have access to. Note: To\n correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also be\n installed. (CVE-2011-1833, Moderate)\n \n * A flaw in the taskstats subsystem could allow a local, unprivileged user\n to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)\n \n * Mapping expansion handling could allow a local, unprivileged user to\n cause a denial of service. 
(CVE-2011-2496, Moderate)\n \n * GRO (Generic Receive Offload) fields could be left in an inconsistent\n state. An attacker on the local network could use this flaw to cause a\n denial of service. GRO is enabled by default in all network drivers that\n support it. (CVE-2011-2723, Moderate)\n \n * RHSA-2011:1065 introduced a regression in the Ethernet bridge\n implementation. If a system had an interface in a bridge, and an attacker\n on the local network could send packets to that interface, they could cause\n a denial of service on that system. Xen hypervisor and KVM (Kernel-based\n Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942,\n Moderate)\n \n * A flaw in the Xen hypervisor IOMMU error handling implementation could\n allow a privileged guest user, within a guest operating system that has\n direct control of a PCI device, to cause performance degradation on the\n host and possibly cause it to hang. (CVE-2011-3131, Moderate)\n \n * IPv4 and IPv6 protocol sequence number and fragment ID generation could\n allow a man-in-the-middle attacker to inject packets and possibly hijack\n connections. Protocol sequence number and fragment IDs are now more random.\n (CVE-2011-3188, Moderate)\n \n * A flaw in the kernel's clock implementation could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-3209, Moderat ... 
\n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kernel on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-October/018128.html\");\n script_id(881021);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-21 16:31:29 +0200 (Fri, 21 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2011:1386\");\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\",\n \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\",\n \"CVE-2011-2723\", \"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\",\n \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\");\n script_name(\"CentOS Update for kernel CESA-2011:1386 centos5 i386\");\n\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", 
rpm:\"kernel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:12:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-30T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2011:1386 centos5 
x86_64", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2942", "CVE-2011-3131", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1160", "CVE-2009-4067", "CVE-2011-3347", "CVE-2011-2699", "CVE-2011-2484", "CVE-2011-3209", "CVE-2011-1833", "CVE-2011-2695", "CVE-2011-3191", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310881406", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881406", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2011:1386 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-October/018127.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881406\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:46:47 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-4067\", \"CVE-2011-1160\", \"CVE-2011-1585\", \"CVE-2011-1833\",\n \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2695\", \"CVE-2011-2699\",\n \"CVE-2011-2723\", \"CVE-2011-2942\", \"CVE-2011-3131\", \"CVE-2011-3188\",\n \"CVE-2011-3191\", \"CVE-2011-3209\", \"CVE-2011-3347\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2011:1386\");\n script_name(\"CentOS Update for kernel CESA-2011:1386 centos5 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"The kernel 
packages contain the Linux kernel, the core of any Linux\n operating system.\n\n Security fixes:\n\n * The maximum file offset handling for ext4 file systems could allow a\n local, unprivileged user to cause a denial of service. (CVE-2011-2695,\n Important)\n\n * IPv6 fragment identification value generation could allow a remote\n attacker to disrupt a target system's networking, preventing legitimate\n users from accessing its services. (CVE-2011-2699, Important)\n\n * A malicious CIFS (Common Internet File System) server could send a\n specially-crafted response to a directory read request that would result in\n a denial of service or privilege escalation on a system that has a CIFS\n share mounted. (CVE-2011-3191, Important)\n\n * A local attacker could use mount.ecryptfs_private to mount (and then\n access) a directory they would otherwise not have access to. Note: To\n correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also be\n installed. (CVE-2011-1833, Moderate)\n\n * A flaw in the taskstats subsystem could allow a local, unprivileged user\n to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)\n\n * Mapping expansion handling could allow a local, unprivileged user to\n cause a denial of service. (CVE-2011-2496, Moderate)\n\n * GRO (Generic Receive Offload) fields could be left in an inconsistent\n state. An attacker on the local network could use this flaw to cause a\n denial of service. GRO is enabled by default in all network drivers that\n support it. (CVE-2011-2723, Moderate)\n\n * RHSA-2011:1065 introduced a regression in the Ethernet bridge\n implementation. If a system had an interface in a bridge, and an attacker\n on the local network could send packets to that interface, they could cause\n a denial of service on that system. Xen hypervisor and KVM (Kernel-based\n Virtual Machine) hosts often deploy bridge interfaces. 
(CVE-2011-2942,\n Moderate)\n\n * A flaw in the Xen hypervisor IOMMU error handling implementation could\n allow a privileged guest user, within a guest operating system that has\n direct control of a PCI device, to cause performance degradation on the\n host and possibly cause it to hang. (CVE-2011-3131, Moderate)\n\n * IPv4 and IPv6 protocol sequence number and fragment ID generation could\n allow a man-in-the-middle attacker to inject packets and possibly hijack\n connections. Protocol sequence number and fragment IDs are now more random.\n (CVE-2011-3188, Moderate)\n\n * A flaw in the kernel's clock implementation could allow a local,\n unprivileged user to cause a denial of service. (CVE-2011-3209, Moderat ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", 
rpm:\"kernel-headers~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~274.7.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:04", "description": "Oracle Linux Local Security Checks ELSA-2011-2029", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-2029", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2723", "CVE-2011-2484", "CVE-2011-1833", "CVE-2011-2898", "CVE-2011-2496"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122075", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122075", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-2029.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122075\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:39 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-2029\");\n script_tag(name:\"insight\", value:\"ELSA-2011-2029 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-2029\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-2029.html\");\n script_cve_id(\"CVE-2011-1833\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2723\", \"CVE-2011-2898\");\n script_tag(name:\"cvss_base\", value:\"5.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == 
\"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~200.20.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~200.20.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~200.20.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~200.20.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~200.20.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~200.20.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~200.20.1.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~200.20.1.el5uek~1.5.1~4.0.53\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~200.20.1.el5uekdebug~1.5.1~4.0.53\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~200.20.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~200.20.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = 
isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~200.20.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~200.20.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~200.20.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~200.20.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-headers\", rpm:\"kernel-uek-headers~2.6.32~200.20.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~200.20.1.el6uek~1.5.1~4.0.47\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~200.20.1.el6uekdebug~1.5.1~4.0.47\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.7, "vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-01T16:17:06", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2011-16)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1833", "CVE-2011-3191"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120275", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120275", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the 
referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120275\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 11:21:32 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2011-16)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the Linux kernel. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update kernel to update your system. 
You will need to reboot your system in order for the new kernel to be running.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2011-16.html\");\n script_cve_id(\"CVE-2011-2723\", \"CVE-2011-1833\", \"CVE-2011-3188\", \"CVE-2011-3191\", \"CVE-2011-2918\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.35.14~97.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.35.14~97.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.35.14~97.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.35.14~97.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.35.14~97.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.35.14~97.44.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:40:00", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1280-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1280-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1585", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840812", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840812", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1280_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1280-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1280-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840812\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:00:38 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name:\"USN\", value:\"1280-1\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2496\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1280-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1280-1\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that CIFS incorrectly handled authentication. When a user\n had a CIFS share mounted that required authentication, a local user could\n mount the same share without knowing the correct password. 
(CVE-2011-1585)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-903-omap4\", ver:\"2.6.35-903.27\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-12-04T11:27:20", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1280-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1280-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1585", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840812", "href": "http://plugins.openvas.org/nasl.php?oid=840812", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1280_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1280-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that CIFS incorrectly handled authentication. When a user\n had a CIFS share mounted that required authentication, a local user could\n mount the same share without knowing the correct password. (CVE-2011-1585)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1280-1\";\ntag_affected = \"linux-ti-omap4 on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1280-1/\");\n script_id(840812);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:00:38 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name: \"USN\", value: \"1280-1\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-2496\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1280-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n 
script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.35-903-omap4\", ver:\"2.6.35-903.27\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:41", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1246-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1246-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-2928", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840793", "href": "http://plugins.openvas.org/nasl.php?oid=840793", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1246_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1246-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in 
the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n \n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. 
An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1246-1\";\ntag_affected = \"linux on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1246-1/\");\n script_id(840793);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1246-1\");\n script_cve_id(\"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2700\",\n \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux USN-1246-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease 
= get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic-pae\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-omap\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-powerpc\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-powerpc-smp\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-powerpc64-smp\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-server\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-versatile\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-virtual\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:16:28", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1246-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": 
"Ubuntu Update for linux USN-1246-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-2928", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840793", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840793", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1246_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1246-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1246-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840793\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1246-1\");\n script_cve_id(\"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2700\",\n \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux USN-1246-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1246-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. 
(CVE-2011-2213)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n\n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. 
A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-generic-pae\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-omap\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-powerpc\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-powerpc-smp\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-powerpc64-smp\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-server\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-versatile\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-12-virtual\", ver:\"2.6.38-12.51\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
(__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:00", "description": "Oracle Linux Local Security Checks ELSA-2011-1350", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1350", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-1746", "CVE-2011-2723", "CVE-2011-1160", "CVE-2011-2484", "CVE-2011-2521", "CVE-2011-2022", "CVE-2011-1833", "CVE-2011-2898", "CVE-2011-1745", "CVE-2011-2496"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122078", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122078", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1350.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122078\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:12:42 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1350\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1350 - kernel security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1350\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1350.html\");\n script_cve_id(\"CVE-2011-1160\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1833\", \"CVE-2011-2022\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2521\", \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-2918\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~131.17.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~131.17.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~131.17.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~131.17.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~131.17.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~131.17.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~131.17.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~131.17.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:1350-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-1746", "CVE-2011-2723", "CVE-2011-1160", "CVE-2011-2484", 
"CVE-2011-2521", "CVE-2011-2022", "CVE-2011-1833", "CVE-2011-2898", "CVE-2011-1745", "CVE-2011-2496"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310870628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:1350-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870628\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:35:28 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1160\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1833\",\n \"CVE-2011-2022\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2521\",\n \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-2918\");\n script_tag(name:\"cvss_base\", 
value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"RHSA\", value:\"2011:1350-01\");\n script_name(\"RedHat Update for kernel RHSA-2011:1350-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * Flaws in the AGPGART driver implementation when handling certain IOCTL\n commands could allow a local user to cause a denial of service or escalate\n their privileges. (CVE-2011-1745, CVE-2011-2022, Important)\n\n * An integer overflow flaw in agp_allocate_memory() could allow a local\n user to cause a denial of service or escalate their privileges.\n (CVE-2011-1746, Important)\n\n * A race condition flaw was found in the Linux kernel's eCryptfs\n implementation. A local attacker could use the mount.ecryptfs_private\n utility to mount (and then access) a directory they would otherwise not\n have access to. Note: To correct this issue, the RHSA-2011:1241\n ecryptfs-utils update, which provides the user-space part of the fix, must\n also be installed. 
(CVE-2011-1833, Moderate)\n\n * A denial of service flaw was found in the way the taskstats subsystem\n handled the registration of process exit handlers. A local, unprivileged\n user could register an unlimited amount of these handlers, leading to\n excessive CPU time and memory use. (CVE-2011-2484, Moderate)\n\n * A flaw was found in the way mapping expansions were handled. A local,\n unprivileged user could use this flaw to cause a wrapping condition,\n triggering a denial of service. (CVE-2011-2496, Moderate)\n\n * A flaw was found in the Linux kernel's Performance Events implementation.\n It could falsely lead the NMI (Non-Maskable Interrupt) Watchdog to detect a\n lockup and panic the system. A local, unprivileged user could use this flaw\n to cause a denial of service (kernel panic) using the perf tool.\n (CVE-2011-2521, Moderate)\n\n * A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO\n (Generic Receive Offload) fields being left in an inconsistent state. An\n attacker on the local network could use this flaw to trigger a denial of\n service. GRO is enabled by default in all network drivers that support it.\n (CVE-2011-2723, Moderate)\n\n * A flaw was found in the way the Linux kernel's Performance Events\n implementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A local,\n unprivileged user could use this flaw to cause a denial of service.\n (CVE-2011-2918, Moderate)\n\n * A flaw was found in the Linux kernel's Trusted Platform Module (TPM)\n implementation. A local, unprivileged user could use this flaw to leak\n information to user-space. 
( ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", 
rpm:\"perf-debuginfo~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-02T10:56:48", "description": "Check for the Version of kernel", "cvss3": {}, "published": "2012-07-09T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2011:1350-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-1746", "CVE-2011-2723", "CVE-2011-1160", "CVE-2011-2484", "CVE-2011-2521", "CVE-2011-2022", "CVE-2011-1833", "CVE-2011-2898", "CVE-2011-1745", "CVE-2011-2496"], "modified": "2017-12-28T00:00:00", "id": "OPENVAS:870628", "href": "http://plugins.openvas.org/nasl.php?oid=870628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2011:1350-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\n operating system.\n\n This update fixes the following security issues:\n\n * Flaws in the AGPGART driver implementation when handling certain IOCTL\n commands could allow a local user to cause a denial of service or escalate\n their privileges. (CVE-2011-1745, CVE-2011-2022, Important)\n\n * An integer overflow flaw in agp_allocate_memory() could allow a local\n user to cause a denial of service or escalate their privileges.\n (CVE-2011-1746, Important)\n\n * A race condition flaw was found in the Linux kernel's eCryptfs\n implementation. A local attacker could use the mount.ecryptfs_private\n utility to mount (and then access) a directory they would otherwise not\n have access to. Note: To correct this issue, the RHSA-2011:1241\n ecryptfs-utils update, which provides the user-space part of the fix, must\n also be installed. (CVE-2011-1833, Moderate)\n\n * A denial of service flaw was found in the way the taskstats subsystem\n handled the registration of process exit handlers. A local, unprivileged\n user could register an unlimited amount of these handlers, leading to\n excessive CPU time and memory use. (CVE-2011-2484, Moderate)\n\n * A flaw was found in the way mapping expansions were handled. A local,\n unprivileged user could use this flaw to cause a wrapping condition,\n triggering a denial of service. 
(CVE-2011-2496, Moderate)\n\n * A flaw was found in the Linux kernel's Performance Events implementation.\n It could falsely lead the NMI (Non-Maskable Interrupt) Watchdog to detect a\n lockup and panic the system. A local, unprivileged user could use this flaw\n to cause a denial of service (kernel panic) using the perf tool.\n (CVE-2011-2521, Moderate)\n\n * A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO\n (Generic Receive Offload) fields being left in an inconsistent state. An\n attacker on the local network could use this flaw to trigger a denial of\n service. GRO is enabled by default in all network drivers that support it.\n (CVE-2011-2723, Moderate)\n\n * A flaw was found in the way the Linux kernel's Performance Events\n implementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A local,\n unprivileged user could use this flaw to cause a denial of service.\n (CVE-2011-2918, Moderate)\n\n * A flaw was found in the Linux kernel's Trusted Platform Module (TPM)\n implementation. A local, unprivileged user could use this flaw to leak\n information to user-space. ( ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-October/msg00001.html\");\n script_id(870628);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:35:28 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-1160\", \"CVE-2011-1745\", \"CVE-2011-1746\", \"CVE-2011-1833\",\n \"CVE-2011-2022\", \"CVE-2011-2484\", \"CVE-2011-2496\", \"CVE-2011-2521\",\n \"CVE-2011-2723\", \"CVE-2011-2898\", \"CVE-2011-2918\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2011:1350-01\");\n script_name(\"RedHat Update for kernel RHSA-2011:1350-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", 
rpm:\"kernel-debug~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~131.17.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:04", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1245-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1245-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840786", "href": "http://plugins.openvas.org/nasl.php?oid=840786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1245_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-mvl-dove USN-1245-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n \n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n \n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. 
(CVE-2011-2699)\n \n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1245-1\";\ntag_affected = \"linux-mvl-dove on Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1245-1/\");\n script_id(840786);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1245-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n 
script_name(\"Ubuntu Update for linux-mvl-dove USN-1245-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-419-dove\", ver:\"2.6.32-419.37\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:14", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1239-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ec2 USN-1239-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840796", "href": "http://plugins.openvas.org/nasl.php?oid=840796", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1239_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# 
Ubuntu Update for linux-ec2 USN-1239-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n \n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n \n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. 
If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n \n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. 
A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1239-1\";\ntag_affected = \"linux-ec2 on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1239-1/\");\n script_id(840796);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1239-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1239-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 
LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-319-ec2\", ver:\"2.6.32-319.39\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:15:44", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1239-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ec2 USN-1239-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840796", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1239_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ec2 USN-1239-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1239-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840796\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1239-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-ec2 USN-1239-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1239-1\");\n script_tag(name:\"affected\", value:\"linux-ec2 on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. 
On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. 
A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-319-ec2\", ver:\"2.6.32-319.39\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T16:15:34", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1253-1", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1253-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840804", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1253_1.nasl 14132 2019-03-13 09:25:59Z 
cfischer $\n#\n# Ubuntu Update for linux USN-1253-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1253-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840804\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:59:23 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1253-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux USN-1253-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1253-1\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. 
A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-386\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-generic\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-generic-pae\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.32-35-ia64\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-lpia\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-powerpc\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-powerpc-smp\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-powerpc64-smp\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-preempt\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-server\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-sparc64\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-sparc64-smp\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-versatile\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-virtual\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2020-08-01T16:15:45", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1245-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1245-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840786", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1245_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-mvl-dove USN-1245-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1245-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840786\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1245-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1245-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1245-1\");\n script_tag(name:\"affected\", value:\"linux-mvl-dove on Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. 
On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. 
A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-419-dove\", ver:\"2.6.32-419.37\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:27:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1253-1", "cvss3": {}, "published": "2011-11-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1253-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840804", "href": "http://plugins.openvas.org/nasl.php?oid=840804", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1253_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux 
USN-1253-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. 
If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. 
A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1253-1\";\ntag_affected = \"linux on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1253-1/\");\n script_id(840804);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-11 09:59:23 +0530 (Fri, 11 Nov 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1253-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux USN-1253-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if 
((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-386\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-generic\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-generic-pae\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-ia64\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-lpia\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-powerpc\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-powerpc-smp\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-powerpc64-smp\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-preempt\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-server\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-sparc64\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-sparc64-smp\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-versatile\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-35-virtual\", ver:\"2.6.32-35.78\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:40", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1240-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1240-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840788", "href": "http://plugins.openvas.org/nasl.php?oid=840788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1240_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-mvl-dove USN-1240-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n \n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n \n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. 
(CVE-2011-2699)\n \n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1240-1\";\ntag_affected = \"linux-mvl-dove on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1240-1/\");\n script_id(840788);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1240-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n 
script_name(\"Ubuntu Update for linux-mvl-dove USN-1240-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-219-dove\", ver:\"2.6.32-219.37\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-08-01T16:16:02", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1240-1", "cvss3": {}, "published": "2011-10-31T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-mvl-dove USN-1240-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-1576", "CVE-2011-2928", "CVE-2011-2699", "CVE-2011-2495", "CVE-2011-2494", "CVE-2011-1833", "CVE-2011-2905", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1240_1.nasl 
14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-mvl-dove USN-1240-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1240-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840788\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-31 13:45:00 +0100 (Mon, 31 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1240-1\");\n script_cve_id(\"CVE-2011-1576\", \"CVE-2011-1833\", \"CVE-2011-2494\", \"CVE-2011-2495\",\n \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2699\", \"CVE-2011-2905\",\n \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-mvl-dove USN-1240-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1240-1\");\n script_tag(name:\"affected\", value:\"linux-mvl-dove on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ryan Sweat discovered that the kernel incorrectly handled certain VLAN\n packets. On some systems, a remote attacker could send specially crafted\n traffic to crash the system, leading to a denial of service.\n (CVE-2011-1576)\n\n Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not\n correctly check the origin of mount points. A local attacker could exploit\n this to trick the system into unmounting arbitrary mount points, leading to\n a denial of service. (CVE-2011-1833)\n\n Vasiliy Kulikov discovered that taskstats did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2494)\n\n Vasiliy Kulikov discovered that /proc/PID/io did not enforce access\n restrictions. A local attacker could exploit this to read certain\n information, leading to a loss of privacy. (CVE-2011-2495)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Fernando Gont discovered that the IPv6 stack used predictable fragment\n identification numbers. 
A remote attacker could exploit this to exhaust\n network resources, leading to a denial of service. (CVE-2011-2699)\n\n Christian Ohm discovered that the perf command looks for configuration\n files in the current directory. If a privileged user were tricked into\n running perf in a directory containing a malicious configuration file, an\n attacker could run arbitrary commands and possibly gain privileges.\n (CVE-2011-2905)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.32-219-dove\", ver:\"2.6.32-219.37\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T16:15:50", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1228-1", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1228-1", "bulletinFamily": "scanner", "cvss2": {}, 
"cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-2928", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840771", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1228_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1228-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1228-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840771\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1228-1\");\n script_cve_id(\"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1228-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.04\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1228-1\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 11.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. 
A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n\n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n\n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n\n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n\n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n\n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n\n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n\n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n\n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. 
A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-1209-omap4\", ver:\"2.6.38-1209.16\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:26:35", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1228-1", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1228-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-3188", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-2928", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-2695", "CVE-2011-3191"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840771", "href": "http://plugins.openvas.org/nasl.php?oid=840771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1228_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1228-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Timo Warns discovered that the EFI GUID partition table was not correctly\n parsed. A physically local attacker that could insert mountable devices\n could exploit this to crash the system or possibly gain root privileges.\n (CVE-2011-1776)\n\n Dan Rosenberg discovered that the IPv4 diagnostic routines did not\n correctly validate certain requests. A local attacker could exploit this to\n consume CPU resources, leading to a denial of service. (CVE-2011-2213)\n \n Dan Rosenberg discovered that the Bluetooth stack incorrectly handled\n certain L2CAP requests. If a system was using Bluetooth, a remote attacker\n could send specially crafted traffic to crash the system or gain root\n privileges. (CVE-2011-2497)\n \n It was discovered that the EXT4 filesystem contained multiple off-by-one\n flaws. A local attacker could exploit this to crash the system, leading to\n a denial of service. (CVE-2011-2695)\n \n Mauro Carvalho Chehab discovered that the si4713 radio driver did not\n correctly check the length of memory copies. If this hardware was\n available, a local attacker could exploit this to crash the system or gain\n root privileges. (CVE-2011-2700)\n \n Herbert Xu discovered that certain fields were incorrectly handled when\n Generic Receive Offload (CVE-2011-2723)\n \n Time Warns discovered that long symlinks were incorrectly handled on Be\n filesystems. 
A local attacker could exploit this with a malformed Be\n filesystem and crash the system, leading to a denial of service.\n (CVE-2011-2928)\n \n Dan Kaminsky discovered that the kernel incorrectly handled random sequence\n number generation. An attacker could use this flaw to possibly predict\n sequence numbers and inject packets. (CVE-2011-3188)\n \n Darren Lavender discovered that the CIFS client incorrectly handled certain\n large values. A remote attacker with a malicious server could exploit this\n to crash the system or possibly execute arbitrary code as the root user.\n (CVE-2011-3191)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1228-1\";\ntag_affected = \"linux-ti-omap4 on Ubuntu 11.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1228-1/\");\n script_id(840771);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-14 14:22:41 +0200 (Fri, 14 Oct 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1228-1\");\n script_cve_id(\"CVE-2011-1776\", \"CVE-2011-2213\", \"CVE-2011-2497\", \"CVE-2011-2695\", \"CVE-2011-2700\", \"CVE-2011-2723\", \"CVE-2011-2928\", \"CVE-2011-3188\", \"CVE-2011-3191\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1228-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.38-1209-omap4\", ver:\"2.6.38-1209.16\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:11", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1268-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1268-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1768", "CVE-2011-2491", "CVE-2011-1767", "CVE-2011-3209", "CVE-2011-2525", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840811", "href": "http://plugins.openvas.org/nasl.php?oid=840811", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1268_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for linux USN-1268-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that CIFS incorrectly handled authentication. When a user\n had a CIFS share mounted that required authentication, a local user could\n mount the same share without knowing the correct password. (CVE-2011-1585)\n\n It was discovered that the GRE protocol incorrectly handled netns\n initialization. A remote attacker could send a packet while the ip_gre\n module was loading, and crash the system, leading to a denial of service.\n (CVE-2011-1767)\n\n It was discovered that the IP/IP protocol incorrectly handled netns\n initialization. A remote attacker could send a packet while the ipip module\n was loading, and crash the system, leading to a denial of service.\n (CVE-2011-1768)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\n\n Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. 
A\n local unprivileged attacker could exploit this causing a denial of service.\n (CVE-2011-3209)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1268-1\";\ntag_affected = \"linux on Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1268-1/\");\n script_id(840811);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:00:25 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name: \"USN\", value: \"1268-1\");\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2525\", \"CVE-2011-3209\");\n script_name(\"Ubuntu Update for linux USN-1268-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-386\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-generic\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-hppa32\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-hppa64\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-itanium\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-lpia\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-lpiacompat\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-mckinley\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-openvz\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-powerpc\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-powerpc-smp\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-powerpc64-smp\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-rt\", 
ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-server\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-sparc64\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-sparc64-smp\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-virtual\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-xen\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:33", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1268-1", "cvss3": {}, "published": "2011-11-25T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1268-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1768", "CVE-2011-2491", "CVE-2011-1767", "CVE-2011-3209", "CVE-2011-2525", "CVE-2011-1585", "CVE-2011-2496"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840811", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840811", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1268_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1268-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks 
GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1268-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840811\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-25 12:00:25 +0530 (Fri, 25 Nov 2011)\");\n script_xref(name:\"USN\", value:\"1268-1\");\n script_cve_id(\"CVE-2011-1585\", \"CVE-2011-1767\", \"CVE-2011-1768\", \"CVE-2011-2491\", \"CVE-2011-2496\", \"CVE-2011-2525\", \"CVE-2011-3209\");\n script_name(\"Ubuntu Update for linux USN-1268-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU8\\.04 LTS\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1268-1\");\n 
script_tag(name:\"affected\", value:\"linux on Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that CIFS incorrectly handled authentication. When a user\n had a CIFS share mounted that required authentication, a local user could\n mount the same share without knowing the correct password. (CVE-2011-1585)\n\n It was discovered that the GRE protocol incorrectly handled netns\n initialization. A remote attacker could send a packet while the ip_gre\n module was loading, and crash the system, leading to a denial of service.\n (CVE-2011-1767)\n\n It was discovered that the IP/IP protocol incorrectly handled netns\n initialization. A remote attacker could send a packet while the ipip module\n was loading, and crash the system, leading to a denial of service.\n (CVE-2011-1768)\n\n Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly\n handled unlock requests. A local attacker could exploit this to cause a\n denial of service. (CVE-2011-2491)\n\n Robert Swiecki discovered that mapping extensions were incorrectly handled.\n A local attacker could exploit this to crash the system, leading to a\n denial of service. (CVE-2011-2496)\n\n Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being\n incorrectly handled. A local attacker could exploit this to crash the\n system, leading to a denial of service. (CVE-2011-2525)\n\n Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. 
A\n local unprivileged attacker could exploit this causing a denial of service.\n (CVE-2011-3209)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-386\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-generic\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-hppa32\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-hppa64\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-itanium\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-lpia\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-lpiacompat\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-mckinley\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-openvz\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-2.6.24-30-powerpc\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-powerpc-smp\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-powerpc64-smp\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-rt\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-server\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-sparc64\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-sparc64-smp\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-virtual\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-2.6.24-30-xen\", ver:\"2.6.24-30.96\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-01T16:16:24", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1227-1", "cvss3": {}, "published": "2011-10-14T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-1227-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-2918", "CVE-2011-2723", "CVE-2011-1776", "CVE-2011-1576", "CVE-2011-2928", 
"CVE-2011-2699", "CVE-2011-1833", "CVE-2011-2700", "CVE-2011-2213", "CVE-2011-2497", "CVE-2011-3191"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310840773", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840773", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1227_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1227-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software